-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get-AzRoleAssignment returns assignment for soft deleted storage containers #25375
Comments
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @kenieva, @AshishGargMicrosoft. |
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @kenieva, @AshishGargMicrosoft. |
This looks like a server side behavior, instead of Azure Powershell issue. Besides that, I don't see Storage Powershell cmdlets related with this issue. |
I've no idea (and I don't care) whether this is cmdlet issue or what. I am just saying that the behavior of this particular cmdlet is unexpected to say it politely :) I also don't know whether this applies to other Azure resources besides Storage Account. Anyway I had to create a custom function that calls the same API as Azure GUI a.k.a. GET request on "https://management.azure.com/$scope/providers/Microsoft.Authorization/roleAssignments?`$filter=atScope()&api-version=2020-04-01-preview" |
We work on Powershell (client side), not on Azure server side, so we might not be the best person to help you for server issue. Besides that, I would suggest sharing more details of this issue in the help ticket (and here), like:
It's a little confuse, since normally when do token validation, will validate the container name (path), but not care about the container creation time. So the old/new container with same name should be equally in token validation. However, the issue looks not related with storage cmdlets, but role assignment cmdlets, this is not owned by storage team. @isra-fel Would you please help to follow up if any support of role assignment cmdlets needed for this issue? |
Description
Follow the steps below to simulate this issue
You will receive various inherited role assignments but also assignments for role RRR and group GGG which are actually assigned at the deleted container, not this one newly created!
Issue script & Debug output
Get-AzRoleAssignment
Environment data
Module versions
Error output
The text was updated successfully, but these errors were encountered: