Working with AKS v1.12.7 and Azure AD RBAC enabled, we found that ObjectId works as expected when assigning a RoleBinding to a Group -- exactly as specified above. However, when testing bindings for individual users, we found that we were receiving "Forbidden" errors when using the user's AAD objectId. Further digging and experimentation shows that using the user's email address as the value for the name field above resolves this issue.
Is this a documentation miss or a regression in newer versions?
Thanks for the feedback! We are currently investigating and will update you shortly.
@iainfoulds Can you please share your insights, are you aware of this being a regression issue or missing from the doc. Thanks. :)
@iainfoulds I found this issue where the doc changes were made to change the name from user's email address to object id in rbac-aad-user.yaml file. You mentioned that there was a known problem which was fixed.
Can you please take a look at this one or provide me the names of the product team members who were involved in this and I can reach out to them? Thanks. :)
There was an issue when the user existed in a different tenant, so the objectId can't be used. The workaround was to specify the e-mail instead.
@palma21 to comment on the behavior experienced here as to why that doesn't appear to work correctly.
Correct:
Today the UPN (aka [email protected]) only works when using the user's tenant (domain.com) since otherwise, for guest users, they won't have UPN.
For users within the tenant (domain.com) it will look first at the UPN; we are making it fall back to objectID so that it works in all scenarios, so for users within the tenant please use UPN.
@droessmj Does that help answer your question? Let us know.
@Karishma-Tiwari-MSFT I believe this helps. To restate the above, if we're using a user within our tenant we would be expected to specify UPN. If we're granting permissions to a user outside our tenant but still within AAD, we would specify ObjectId. For groups, we continue to use ObjectId.
If all that is true, then it sounds like the only item outstanding is a minor documentation amendment. Thanks y'all.
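To make the rule summarised above concrete, here is an added example RoleBinding (not a file from this thread or from the AKS docs) with one subject of each kind. The role name, namespace, UPN and objectIds are placeholders; substitute your own.

```yaml
# Added example, not from the thread: one RoleBinding whose subjects follow the
# rule stated in the discussion above. Role name, namespace, UPN and objectIds
# are placeholders.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-user-access
  namespace: dev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: dev-user-full-access
subjects:
  # Member user in the cluster's own AAD tenant: bind by UPN.
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: alice@contoso.com
  # Guest user from another tenant: no UPN in this tenant, so bind by AAD objectId.
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: 00000000-0000-0000-0000-000000000001
  # AAD group: always the group's objectId.
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: 00000000-0000-0000-0000-000000000002
```

Kubernetes compares subject names as exact strings against the identity the API server derives from the AAD token, so the UPN must match the token's value character for character (including case). A quick check from an account with impersonation rights is `kubectl auth can-i get pods -n dev --as alice@contoso.com`, which evaluates RBAC for that name without needing the user's own token.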
Thanks @droessmj for sharing the update.
We will now close this issue. If there are further questions regarding this matter, please tag me in a comment. I will reopen it and we will gladly continue the discussion.