Skip to content

Delete role assignment by ID does not use the correct URI and fails with MissingSubscription #31109

Description

@clarkbreyman-yammer

Describe the bug

az role assignment delete fails with "MissingSubscription" when --ids parameter is provided with GUIDs rather than fully-qualified resource ids.

Related command

az role assignment delete

Errors

MissingSubscription

Issue script & Debug output

az role assignment delete --ids ae44cb62-f719-4c45-9bb4-878311fcf9e2 --verbose
[...]
msrestazure.azure_active_directory: MSI: Token retrieved
cli.azure.cli.command_modules.role.custom: option '--scope' will be ignored due to use of '--ids'.
cli.azure.cli.core.auth.adal_authentication: MSIAuthenticationWrapper.get_token: scopes=('https://management.core.windows.net//.default',)), kwargs={}
msrestazure.azure_active_directory: MSI: token is found in cache.
cli.azure.cli.core.auth.adal_authentication: Normalize expires_on: '1742599775' -> 1742599775
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/ae44cb62-f719-4c45-9bb4-878311fcf9e2?api-version=2022-04-01'
cli.azure.cli.core.sdk.policies: Request method: 'DELETE'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': 'cc5e6ed8-068b-11f0-905b-00155dffb2e6'
...

Expected behavior

I would expect it to fill in the subscription from my az account if not provided.

If I run `az role assignment delete --ids /subscription/xxx/providers/Microsoft.Authorizaton/roleAssignments/ae44cb62-f719-4c45-9bb4-878311fcf9e2 it works.

Environment Summary

root [ / ]# az --version
azure-cli 2.70.0

core 2.70.0
telemetry 1.1.0

Dependencies:
msal 1.31.2b1
azure-mgmt-resource 23.1.1

Python location '/usr/bin/python3.12'
Config directory '/root/.azure'
Extensions directory '/root/.azure/cliextensions'

Python (Linux) 3.12.9 (main, Mar 11 2025, 15:30:57) [GCC 13.2.0]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

No response

Metadata

Metadata

Assignees

Labels

ARMaz resource/group/lock/tag/deployment/policy/managementapp/account management-groupAuto-AssignAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamRBACaz roleSimilar-Issueact-identity-squadquestionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions