Share via

AuthorizationFailed: Unable to Delete Role Assignment Due to ABAC Condition in Pay-As-You-Go Subscription 26049fd6-7b85-4142-8060-b88930cb8cec

Santhosh C 0 Reputation points
2025-01-23T19:19:03.9766667+00:00

I am writing to request your assistance with a critical issue I am facing in my Pay-As-You-Go subscription. I am encountering an AuthorizationFailed error while attempting to delete a role assignment. Despite having the Owner role for the subscription, my account is blocked from performing the action due to ABAC (Attribute-Based Access Control) conditions.

Details of the Issue:

  • Subscription ID: 26049fd6-xxxx-4142-8060-xxxxxxxxx
  • Role Assignment ID: b9122032-xxxx-43b0-a9d8-xxxxxxxxxxxx
  • Error Message:
sql
CopyEdit
(AuthorizationFailed) The client

Actions Taken:

  1. Verified my role assignment using Azure CLI and confirmed that my account has the Owner role at the subscription level.
  2. Identified that the ABAC condition applied to the role assignment is causing the issue. The condition includes:
arduino
CopyEdit
((!(ActionMatches{
  1. Attempted to delete the role assignment using Azure CLI, which resulted in the same AuthorizationFailed error.
  2. Checked for Azure Policies applied to the subscription but found no explicit policies blocking the action.

Request for Assistance:

I kindly request your help with the following:

  1. Guidance on how to resolve the ABAC condition and successfully delete the role assignment.
  2. Confirmation if additional permissions or changes are required to bypass or modify the ABAC condition.
  3. Assistance with any further troubleshooting steps that can be performed under the Basic Pay-As-You-Go subscription.

Your support in resolving this matter is greatly appreciated. Please let me know if additional details or clarification are required.

Thank you for your time and assistance.

Best regards, Santhosh
Email: <Removed by mod>

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
877 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. BANDELA Siri Chandana 1,405 Reputation points Microsoft Vendor
    2025-01-27T06:22:50.94+00:00

    Hi @Santhosh C

    Thank you for posting your issue on Microsoft Q&A.

    I understand that you are trying to delete role assignment, but your account is blocked from performing the action due to ABAC (Attribute-Based Access Control) conditions.

    You have tried with Azure CLI but facing the same issue. Try with the document https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-portal for editing or deleting condition by using different methods.

    Follow the document to remove role assignment: https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-remove

    Hope this helps. Do let us know if you have any further queries.
    If this answers your query, do click `Accept Answer` and `Yes`.

    Thanks,

    B. Siri Chandana.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.