SebRosander
commented
1 month ago I'm running into a similar issues when creating the azuread_directory_role_eligibility_schedule_request from scratch.
resource "azuread_directory_role" "internal_it_helpdesk_admin" {
display_name = "Helpdesk Administrator"
}
resource "azuread_directory_role_eligibility_schedule_request" "internal_it_helpdesk_admin" {
role_definition_id = azuread_directory_role.internal_it_helpdesk_admin.template_id
principal_id = azuread_group.internal_it_operator.object_id
directory_scope_id = "/"
justification = "Internal-IT"
}Running the operation as Global Admin.
mhosker
MattGarnerAWR
Community Note
Terraform (and AzureAD Provider) Version
Affected Resource(s)
azuread_directory_role_eligibility_schedule_requestTerraform Configuration Files
Debug Output
Error: Retrieving roleEligibilityScheduleRequest "xxxx-xxx-xxxx-xxxx-xxxxxxxxx" │ │ RoleEligibilityScheduleRequestClient.BaseClient.Get(): unexpected status 403 with OData error: UnknownError: {"errorCode":"PermissionScopeNotGranted","message":"Authorization failed due to missing permission scope │ RoleEligibilitySchedule.ReadWrite.Directory,RoleManagement.ReadWrite.Directory.","instanceAnnotations":[]} ╵
Panic Output
Expected Behavior
Normally, I can use my account that is Global Administrator to import AzureAD resources into state.
Actual Behavior
Errored with missing API permissions.
Steps to Reproduce
terraform importImportant Factoids
References
0000