gettek / terraform-azurerm-policy-as-code

Terraform modules that simplify the workflow of custom and built-in Azure Policies

Home Page: https://learn.microsoft.com/en-us/azure/governance/policy/concepts/policy-as-code


Role Definition Ids are not visible in assignments

Nikhleshk opened this issue · comments

Hi

We are trying to assign a role definition during assignment, but we are not able to achieve the required result.
We tried both ways:

```hcl
#role_definition_ids = module.PrivateLinkAzureAutomationArecordtoprivateDNSZone.role_definition_ids
/*
role_definition_ids = [
  data.azurerm_role_definition.DNS_Zone_Contributor.id,
  data.azurerm_role_definition.Network_Contributor.id
]
*/
```

By trying both ways we are able to see the role definition under
"This identity will also be given the following permissions:"

(Refer to the attached image: role_def_id)

Hi @Nikhleshk,

Could you please share the assignment code?

Thanks

```hcl
module "org_mg_PrivateLinkAzureAutomationArecordtoprivateDNSZone" {
  source = "..//modules/def_assignment"

  # Definition output of the custom policy definition module
  definition        = module.PrivateLinkAzureAutomationArecordtoprivateDNSZone.definition
  assignment_scope  = data.azurerm_management_group.org.id
  assignment_effect = "DeployIfNotExists"

  skip_remediation     = var.skip_remediation
  skip_role_assignment = false

  # Both approaches tried for role_definition_ids, left commented out:
  #role_definition_ids = module.PrivateLinkAzureAutomationArecordtoprivateDNSZone.role_definition_ids
  /*
  role_definition_ids = [
    data.azurerm_role_definition.DNS_Zone_Contributor.id,
    data.azurerm_role_definition.Network_Contributor.id
  ]
  */

  assignment_parameters = {
    privateDnsZoneId = "/subscriptions/74bd4da4-5bd3-449a-9e17-49d12a2b2a00/resourceGroups/privatednszones-prod-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net"
  }
}
```

def_assignment will automatically assign the roles located in the definition without needing to populate role_definition_ids, so you can remove it.

I have also included this ability in the next version, 2.6.0, for set_assignment.
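To make the "roles located in the definition" point concrete, here is an added, self-contained Python example written for this thread. It is not code from the terraform-azurerm-policy-as-code module and it makes no claim about how that module is implemented internally; it only shows where a DeployIfNotExists definition carries its role definition IDs (`policyRule.then.details.roleDefinitionIds`), how the effective effect is resolved when `effect` is parameterised and overridden at assignment time, and how one role assignment per ID would be planned at the assignment scope. The sample definition JSON, the management group scope and the principal ID are constructed; the two role GUIDs are the built-in Network Contributor and Private DNS Zone Contributor roles (verify with `az role definition list --name "Network Contributor"` if in doubt).

```python
"""Where a DeployIfNotExists definition carries the roles its identity needs.

Example written for this issue thread; NOT code from the
terraform-azurerm-policy-as-code module. It parses a policy definition in the
JSON shape returned by `az policy definition show -o json` (the sample below
is constructed), resolves the effective effect, extracts
policyRule.then.details.roleDefinitionIds and plans one role assignment per
ID at the assignment scope.
"""
import json
import re
from typing import Optional

# Effects for which Azure Policy creates a managed identity for the assignment.
IDENTITY_EFFECTS = {"deployifnotexists", "modify"}

# Constructed sample definition. The GUIDs are the built-in Network Contributor
# and Private DNS Zone Contributor roles.
SAMPLE_DINE_DEFINITION_JSON = """
{
  "name": "PrivateLinkAzureAutomationArecordtoprivateDNSZone",
  "properties": {
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "privateDnsZoneId": {"type": "String"},
      "effect": {"type": "String", "defaultValue": "DeployIfNotExists"}
    },
    "policyRule": {
      "if": {"field": "type", "equals": "Microsoft.Network/privateEndpoints"},
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
            "/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f"
          ]
        }
      }
    }
  }
}
"""

# Constructed sample of an effect that needs neither an identity nor roles.
SAMPLE_AUDIT_DEFINITION_JSON = """
{
  "name": "AuditOnly",
  "properties": {
    "policyRule": {
      "if": {"field": "type", "equals": "Microsoft.Network/privateEndpoints"},
      "then": {"effect": "Audit"}
    }
  }
}
"""

# Matches the ARM template expression form "[parameters('name')]".
_PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")


def load_definition(text: str) -> dict:
    """Parse definition JSON into a fresh dict so callers may mutate it."""
    return json.loads(text)


def resolve_effect(definition: dict, overrides: Optional[dict] = None) -> str:
    """Effective effect: a literal, else the assignment override, else the default."""
    props = definition["properties"]
    effect = props["policyRule"]["then"].get("effect", "")
    match = _PARAM_REF.match(effect)
    if not match:
        return effect
    name = match.group(1)
    if overrides and name in overrides:
        return overrides[name]
    return (props.get("parameters") or {}).get(name, {}).get("defaultValue", "")


def role_definition_ids(definition: dict) -> list:
    """roleDefinitionIds from then.details, de-duplicated (case-insensitive), [] if absent."""
    details = definition["properties"]["policyRule"]["then"].get("details") or {}
    kept: list = []
    for rid in details.get("roleDefinitionIds") or []:
        if rid.lower() not in (k.lower() for k in kept):
            kept.append(rid)
    return kept


def diagnose(definition: dict, overrides: Optional[dict] = None) -> str:
    """Classify why the portal's 'will also be given the following permissions' list may be empty."""
    if resolve_effect(definition, overrides).lower() not in IDENTITY_EFFECTS:
        return "no-identity-required"      # Audit/Deny/Disabled: nothing to assign
    if not role_definition_ids(definition):
        return "identity-without-roles"    # DINE/Modify but the definition lists no roles
    return "ok"


def planned_role_assignments(definition: dict, scope: str, principal_id: str,
                             overrides: Optional[dict] = None) -> list:
    """One role assignment per role ID at `scope`; none when no identity is needed."""
    if diagnose(definition, overrides) == "no-identity-required":
        return []
    return [{"scope": scope, "role_definition_id": rid, "principal_id": principal_id}
            for rid in role_definition_ids(definition)]


if __name__ == "__main__":
    dine = load_definition(SAMPLE_DINE_DEFINITION_JSON)
    # Same override as the thread's assignment: assignment_effect = "DeployIfNotExists"
    print(diagnose(dine, {"effect": "DeployIfNotExists"}))
    for ra in planned_role_assignments(
        dine,
        "/providers/Microsoft.Management/managementGroups/org",  # constructed scope
        "00000000-0000-0000-0000-000000000000",                  # constructed principal
        {"effect": "DeployIfNotExists"},
    ):
        print(json.dumps(ra))
```

Running `diagnose` against the real definition (`az policy definition show --name <name> -o json`) is the quickest check when the portal shows no permissions for an assignment: "identity-without-roles" means the definition itself lists no `roleDefinitionIds`, so there is nothing for any tooling to assign, while "no-identity-required" means the effective effect is not DeployIfNotExists or Modify.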

I have used it without the role definition too, but still the same result.
And for testing I am testing with a policy, not an initiative.