Azure-cli: az role definition update - wrong example

Created on 8 May 2018 · 13 Comments · Source: Azure/azure-cli

I am trying to create and update custom roles. However I'm facing issues when running the update command using a role definition that worked perfectly when creating a custom role. It seems that the example to update a definition is a copy & paste error as it actually uses the create command. Wondering how the role definition needs to look to prevent the following error during an update operation:

▶ az role definition update --role-definition roles/keyvault.json
Please provide the unique logic name of an existing role

Authorization-cli

All 13 comments

Update regarding the error I received:

  • created a role with 2 assignable subscriptions (A + B)
  • az account set was set to B
  • create role definition, assuming it would end up in scope B as it is default for other resources being created, turns out to be a resource in A (I guess since it was listed first in assignable scopes)
  • error occurred when I tried to remove subscription A and add C

So I guess the error "Please provide the unique logic name of an existing role" actually means "Can not remove subscription where Role is defined" or something

It is a CLI bug that we are not resolving the role definitions from the assignable scopes correctly.
@anoff Sorry for the delay in response. For now the reliable workaround is to delete and recreate the definition before we release the fix

Is this bug resolved? If I'm reading it correctly, the role definition update functionality does not work?

Does this seem similar to https://github.com/Azure/azure-cli/issues/2745 ?
I am unable to update an existing role definition when assigned across multiple subscriptions (even though, I am in owner role across all subscriptions). I end up with similar:

"Please provide the unique logic name of an existing role"

This happens if in my role def I use the friendly "name" or the GUID value.

Just a follow up - this works perfectly fine in PowerShell - it seems only a fault of Azure CLI.

I have the fix submitted, the key is to use the output of "az role definition create/list" to construct the input for update. The difference is there is the id which tells CLI the right subscription to use.

I have done it but it still does not work. The issue is when I try to add another subscription in "assignableScopes".

@santy8a, did you get the same error?

Yes. Same error.

This is my custom role

[image]

I created this file using this command. Is it right?

az role definition list --name "Uses Case Role" --query [0] > /tmp/uses_case.json

But when I try to update:

$ az role definition update --role-definition /tmp/uses_case.json
Please provide the unique logic name of an existing role

@santy8a, the id is not respected right now but my PR will do. So please use the upcoming release

Thanks a lot @yugangw-msft ,
Do you know when the upcoming release is?

@santy8a, it will be around tomorrow

Great, thank you very much
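
An added example, not part of the thread or the Azure CLI code base: a pre-flight helper for the approach described above, where the update file is built from `az role definition create/list` output so it keeps the `id` that tells the CLI which subscription holds the definition. The sample definition, its flattened field layout, the GUIDs and the function names are assumptions made for illustration.

```python
import json
import re

# Constructed sample shaped like one element of `az role definition list` output.
# Assumptions: flattened field layout; all GUIDs are placeholders, not from the issue.
SUB_A = "aaaaaaaa-0000-0000-0000-000000000001"
SAMPLE = {
    "id": "/subscriptions/" + SUB_A + "/providers/Microsoft.Authorization"
          "/roleDefinitions/11111111-2222-3333-4444-555555555555",
    "name": "11111111-2222-3333-4444-555555555555",
    "roleName": "Uses Case Role",
    "assignableScopes": ["/subscriptions/" + SUB_A],
    "permissions": [{"actions": ["Microsoft.KeyVault/vaults/read"], "notActions": []}],
}

_ID_RE = re.compile(
    r"^/subscriptions/(?P<sub>[0-9a-fA-F-]{36})/providers/Microsoft\.Authorization"
    r"/roleDefinitions/[0-9a-fA-F-]{36}$")


def defining_subscription(definition):
    """Return the subscription GUID embedded in the definition's `id`."""
    match = _ID_RE.match(definition.get("id") or "")
    if not match:
        raise ValueError("no usable 'id': build the file from create/list output")
    return match.group("sub").lower()


def _scopes(definition):
    # Assumption: scopes sit at top level, or under "properties" in older output.
    for holder in (definition, definition.get("properties", {})):
        if "assignableScopes" in holder:
            return holder["assignableScopes"]
    raise ValueError("no assignableScopes in definition")


def add_scope(definition, subscription_id):
    """Return a copy with /subscriptions/<id> added to assignableScopes."""
    updated = json.loads(json.dumps(definition))  # deep copy, input stays untouched
    defining_subscription(updated)                # refuse input that lost its id
    scopes = _scopes(updated)
    new_scope = "/subscriptions/" + subscription_id.lower()
    if new_scope not in [s.lower() for s in scopes]:
        scopes.append(new_scope)
    return updated


if __name__ == "__main__":
    print(json.dumps(add_scope(SAMPLE, "bbbbbbbb-0000-0000-0000-000000000002"), indent=2))
```

Redirect the printed JSON to a file and pass that file to `az role definition update --role-definition`; per the maintainer's comments, this relies on a CLI release that respects the `id`.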
