Make role id unique per environment

alrios-ms · danielluo-msft · commit 8680839a14fb · 2024-05-15T16:49:46.000-07:00
diff --git a/Deployment/rbacTemplate.bicep b/Deployment/rbacTemplate.bicep
@@ -4,13 +4,16 @@ param roleDefinitionId string
 @description('Array of principals to assign the role to. [{principalId: string, principalType: string}]')
 param principals array
 
+@description('Name of the data resource group')
+param dataResourceGroupName string
+
 resource appConfigDataReaderRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-05-01-preview' existing = {
   name: roleDefinitionId
 }
 
 // 'App Configuration Data Owner'
 resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principal in principals: {
-    name: guid(principal.principalId, roleDefinitionId)
+    name: guid(principal.principalId, roleDefinitionId, dataResourceGroupName)
     properties: {
       roleDefinitionId: appConfigDataReaderRoleDefinition.id
       principalId: principal.principalId
diff --git a/Deployment/resourceGroups.bicep b/Deployment/resourceGroups.bicep
@@ -29,5 +29,6 @@ module appConfigurationRBAC 'rbacTemplate.bicep' = if (grantAppConfigurationData
     // App Configuration Data Owner
     roleDefinitionId: '5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b'
     principals: appConfigurationDataOwners
+    dataResourceGroupName: dataResourceGroupName
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -29,5 +29,6 @@ module appConfigurationRBAC 'rbacTemplate.bicep' = if (grantAppConfigurationData`
`29`	`29`	`// App Configuration Data Owner`
`30`	`30`	`roleDefinitionId: '5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b'`
`31`	`31`	`principals: appConfigurationDataOwners`
	`32`	`+ dataResourceGroupName: dataResourceGroupName`
`32`	`33`	`}`
`33`	`34`	`}`