Problem with adding or deleting the resource roles in the access package in Azure

Question

I'm new to Azure AD. However, I observed a weired behaviour in Azure.

After adding / deleting the resource group. The notification says, its success. However, after checking again in few minutes:- (The deleted resources roles are added back into package and the added resources are getting removed as well. This is happening automatically.) I do't have any clue, Anyone faced similar issues? OR, could it be some seetings which is forcing group( sg-ag-rg* group) to stay intact to the access package?

Could anyone please clarify or give some clue? Thanks.

Answer 1

• It might be because they are getting deleted in background and when you check again instantaneously, you would be seeing them as being there itself again. Or else, it might be due to an Azure policy assignment to specific selected users due to which, even after deleting the resource group, the access package assigned to the user is not deleted and is recreated once again since it is a part of Azure AD Identity and Governance.

• I would suggest you to please remove all access package assignments for all the users, groups and applications or sites and their entitlements and then try deleting the access packages and subsequently, the resource group. Thus, in this way, the resource role related to access package will be deleted successfully and will not be recreated even after resource group deletion.

For more information regarding this, you can please refer to the documentation link below: -

https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources#remove-resource-roles

https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-edit#delete-an-access-package