Bicep version
All
Describe the bug
var sgName = 'mySG'
resource sg 'Microsoft.Management/serviceGroups@2024-02-01-preview' existing = {
name: sgName
scope: tenant()
}
resource site 'Microsoft.Edge/sites@2025-03-01-preview' = {
scope: sg
name: 'MySite'
properties: {}
}should produce the following scope on the site resource
"scope": "[format('/providers/Microsoft.Management/serviceGroups/{0}', variables('sgName'))]",but it produces
"scope": "[format('Microsoft.Management/serviceGroups/{0}', variables('sgName'))]",Because it's not absolute, it inherits the scope of the deployment. In the reported case, this was an RG deployment and user is unable to issue a tenant level deployment due to lack of permissions.
Suggested workaround was to compile the Bicep into an ARM template and make the manual edit, but this looks like a gap in support for service groups.
Additional context
This is a repair item created from an internal incident.
Bicep version
All
Describe the bug
should produce the following scope on the site resource
but it produces
Because it's not absolute, it inherits the scope of the deployment. In the reported case, this was an RG deployment and user is unable to issue a tenant level deployment due to lack of permissions.
Suggested workaround was to compile the Bicep into an ARM template and make the manual edit, but this looks like a gap in support for service groups.
Additional context
This is a repair item created from an internal incident.