[BULK] [Bundle-Security] - Scheduled execution to fix known issues (part 27)

azps-15.4.0/Az.Resources/New-AzADAppFederatedCredential.md

@@ -27,7 +27,7 @@ Create federatedIdentityCredential for applications.
 
 ### Example 1: Create federated identity credential for application
 ```powershell
-New-AzADAppFederatedCredential -ApplicationObjectId $appObjectId -Audience api://AzureADTokenExchange -Issuer https://login.microsoftonline.com/3d1e2be9-a10a-4a0c-8380-7ce190f98ed9/v2.0 -name 'test-cred' -Subject 'subject'
+New-AzADAppFederatedCredential -ApplicationObjectId $appObjectId -Audience api://AzureADTokenExchange -Issuer https://login.microsoftonline.com/aaaabbbb-0000-cccc-1111-dddd2222eeee/v2.0 -name 'test-cred' -Subject 'subject'
 ```
 
 Create federated identity credential for application

azps-15.4.0/Az.Resources/New-AzADServicePrincipalAppRoleAssignment.md

@@ -49,26 +49,26 @@ Create new navigation property to appRoleAssignments for servicePrincipals
 
 ### Example 1: ObjectIdWithResourceIdParameterSet
 ```powershell
-New-AzADServicePrincipalAppRoleAssignment -ServicePrincipalId 71beb965-8347-495d-a589-c21cdde7a722 -ResourceId 351fa797-c81a-4998-9720-4c2ecb6c7abc -AppRoleId 649ae968-bdf9-4f22-bb2c-2aa1b4af0a83
+New-AzADServicePrincipalAppRoleAssignment -ServicePrincipalId aaaaaaaa-bbbb-cccc-1111-222222222222 -ResourceId a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 -AppRoleId b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2
 ```
 
 ```output
 Id                                          AppRoleId                            PrincipalDisplayName PrincipalId                          CreatedDateTime
 --                                          ---------                            -------------------- -----------                          ---------------
-Zbm-cUeDXUmlicIc3eenIkgIm8kv9kJPj4MFhepACNE 649ae968-bdf9-4f22-bb2c-2aa1b4af0a83 funapp1214           71beb965-8347-495d-a589-c21cdde7a722 12/14/2023 7:04:28 AM
+Zbm-cUeDXUmlicIc3eenIkgIm8kv9kJPj4MFhepACNE b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 funapp1214           aaaaaaaa-bbbb-cccc-1111-222222222222 12/14/2023 7:04:28 AM
 ```
 
 Create an appRoleAssignment using ServicePrincipalId and ResourceId.
 
 ### Example 2: SPNWithResourceDisplayNameParameterSet
 ```powershell
-New-AzADServicePrincipalAppRoleAssignment -ServicePrincipalDisplayName funapp1214 -ResourceDisplayName nori-sp -AppRoleId 649ae968-bdf9-4f22-bb2c-2aa1b4af0a83
+New-AzADServicePrincipalAppRoleAssignment -ServicePrincipalDisplayName funapp1214 -ResourceDisplayName nori-sp -AppRoleId b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2
 ```
 
 ```output
 Id                                          AppRoleId                            PrincipalDisplayName PrincipalId                          CreatedDateTime
 --                                          ---------                            -------------------- -----------                          ---------------
-Zbm-cUeDXUmlicIc3eenIlqgWRlWp2hFrXIJiqP2j78 649ae968-bdf9-4f22-bb2c-2aa1b4af0a83 funapp1214           71beb965-8347-495d-a589-c21cdde7a722 12/14/2023 7:07:16 AM
+Zbm-cUeDXUmlicIc3eenIlqgWRlWp2hFrXIJiqP2j78 b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 funapp1214           aaaaaaaa-bbbb-cccc-1111-222222222222 12/14/2023 7:07:16 AM
 ```
 
 Create an appRoleAssignment for service principal using ServicePrincipal DisplayName and Resource DisplayName.

azps-15.4.0/Az.Resources/New-AzManagementGroup.md

@@ -42,7 +42,7 @@ New-AzManagementGroup -GroupName "TestGroup"
 Id                : /providers/Microsoft.Management/managementGroups/TestGroup
 Type              : /providers/Microsoft.Management/managementGroups
 Name              : TestGroup
-TenantId          : 00001111-aaaa-2222-bbbb-3333cccc4444
+TenantId          : aaaabbbb-0000-cccc-1111-dddd2222eeee
 DisplayName       : TestGroup
 UpdatedTime       : 2/1/2018 11:06:27 AM
 UpdatedBy         : 00001111-aaaa-2222-bbbb-3333cccc4444
@@ -62,7 +62,7 @@ New-AzManagementGroup -GroupName "TestGroup" -DisplayName "TestGroupDisplayName"
 Id                : /providers/Microsoft.Management/managementGroups/TestGroup
 Type              : /providers/Microsoft.Management/managementGroups
 Name              : TestGroup
-TenantId          : 00001111-aaaa-2222-bbbb-3333cccc4444
+TenantId          : aaaabbbb-0000-cccc-1111-dddd2222eeee
 DisplayName       : TestGroup
 UpdatedTime       : 2/1/2018 11:06:27 AM
 UpdatedBy         : 00001111-aaaa-2222-bbbb-3333cccc4444
@@ -82,7 +82,7 @@ New-AzManagementGroup -GroupName "TestGroup" -DisplayName "TestGroupDisplayName"
 Id                : /providers/Microsoft.Management/managementGroups/TestGroup
 Type              : /providers/Microsoft.Management/managementGroups
 Name              : TestGroup
-TenantId          : 00001111-aaaa-2222-bbbb-3333cccc4444
+TenantId          : aaaabbbb-0000-cccc-1111-dddd2222eeee
 DisplayName       : TestGroupDisplayName
 UpdatedTime       : 2/1/2018 11:16:12 AM
 UpdatedBy         : 00001111-aaaa-2222-bbbb-3333cccc4444
@@ -101,7 +101,7 @@ New-AzManagementGroup -GroupName "TestGroup" -ParentObject $parentObject
 Id                : /providers/Microsoft.Management/managementGroups/TestGroup
 Type              : /providers/Microsoft.Management/managementGroups
 Name              : TestGroup
-TenantId          : 00001111-aaaa-2222-bbbb-3333cccc4444
+TenantId          : aaaabbbb-0000-cccc-1111-dddd2222eeee
 DisplayName       : TestGroupDisplayName
 UpdatedTime       : 2/1/2018 11:16:12 AM
 UpdatedBy         : 00001111-aaaa-2222-bbbb-3333cccc4444

azps-15.4.0/Az.Resources/New-AzManagementGroupHierarchySetting.md

@@ -42,7 +42,7 @@ New-AzManagementGroupHierarchySetting -GroupName c7a87cda-9a66-4920-b0f8-869baa0
 Id          : /providers/Microsoft.Management/managementGroups/c7a87cda-9a66-4920-b0f8-869baa04efe0/settings/default
 Type        : Microsoft.Management/managementGroups/settings
 Name        : default
-TenantId    : 00001111-aaaa-2222-bbbb-3333cccc4444
+TenantId    : aaaabbbb-0000-cccc-1111-dddd2222eeee
 RequireAuthorizationForGroupCreation : true
 DefaultManagementGroup :
 ```
@@ -56,7 +56,7 @@ New-AzManagementGroupHierarchySetting -GroupName c7a87cda-9a66-4920-b0f8-869baa0
 Id          : /providers/Microsoft.Management/managementGroups/c7a87cda-9a66-4920-b0f8-869baa04efe0/settings/default
 Type        : Microsoft.Management/managementGroups/settings
 Name        : default
-TenantId    : 00001111-aaaa-2222-bbbb-3333cccc4444
+TenantId    : aaaabbbb-0000-cccc-1111-dddd2222eeee
 RequireAuthorizationForGroupCreation : false
 DefaultManagementGroup : TestGroup
 ```
@@ -70,7 +70,7 @@ New-AzManagementGroupHierarchySetting -GroupName c7a87cda-9a66-4920-b0f8-869baa0
 Id          : /providers/Microsoft.Management/managementGroups/c7a87cda-9a66-4920-b0f8-869baa04efe0/settings/default
 Type        : Microsoft.Management/managementGroups/settings
 Name        : default
-TenantId    : 00001111-aaaa-2222-bbbb-3333cccc4444
+TenantId    : aaaabbbb-0000-cccc-1111-dddd2222eeee
 RequireAuthorizationForGroupCreation : true
 DefaultManagementGroup : TestGroup
 ```

azps-15.4.0/Az.Resources/New-AzManagementGroupSubscription.md

@@ -27,14 +27,14 @@ The **New-AzManagementGroupSubscription** cmdlet adds a Subscription to a Manage
 
 ### Example 1: Add Subscription to a Management Group
 ```powershell
-New-AzManagementGroupSubscription -GroupName "TestGroup" -SubscriptionId 5602fbd9-fb0d-4fbb-98b3-10c8ea20b6de
+New-AzManagementGroupSubscription -GroupName "TestGroup" -SubscriptionId aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e
 ```
 
 ```output
-Name              : 5602fbd9-fb0d-4fbb-98b3-10c8ea20b6de
+Name              : aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e
 Type              : Microsoft.Management/managementGroups/subscriptions
-Id                : /providers/Microsoft.Management/managementGroups/TestGroup/subscriptions/5602fbd9-fb0d-4fbb-98b3-10c8ea20b6de
-TenantId          : 00001111-aaaa-2222-bbbb-3333cccc4444
+Id                : /providers/Microsoft.Management/managementGroups/TestGroup/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e
+TenantId          : aaaabbbb-0000-cccc-1111-dddd2222eeee
 DisplayName       : Visual Studio Enterprise Subscription
 ParentId          : /providers/Microsoft.Management/managementGroups/TestGroup
 State             : Active

azps-15.4.0/Az.Resources/New-AzPrivateLinkAssociation.md

@@ -27,18 +27,18 @@ The New-AzPrivateLinkAssociation cmdlet creates the private link association at
 
 ### Example 1
 ```powershell
-New-AzPrivateLinkAssociation -ManagementGroupId fc096d27-0434-4460-a3ea-110df0422a2d -Name 1d7942d1-288b-48de-8d0f-2d2aa8e03ad4 | Format-List
+New-AzPrivateLinkAssociation -ManagementGroupId aaaabbbb-0000-cccc-1111-dddd2222eeee -Name 1d7942d1-288b-48de-8d0f-2d2aa8e03ad4 | Format-List
 ```
 
 ```output
-Id         : /providers/Microsoft.Management/managementGroups/fc096d27-0434-4460-a3ea-110df0422a2d/providers/Microsoft.
+Id         : /providers/Microsoft.Management/managementGroups/aaaabbbb-0000-cccc-1111-dddd2222eeee/providers/Microsoft.
              Authorization/privateLinkAssociations/1d7942d1-288b-48de-8d0f-2d2aa8e03ad4
 Type       : Microsoft.Authorization/privateLinkAssociations
 Name       : 1d7942d1-288b-48de-8d0f-2d2aa8e03ad4
 Properties : {"privateLink":"/subscriptions/aeb49941-36c3-4e7c-9ffd-16ba89d33ec4/resourceGroups/nrp-validate/providers/
              Microsoft.Authorization/resourceManagementPrivateLinks/DeepDiveRMPL","publicNetworkAc
-             cess":"Enabled","tenantID":"fc096d27-0434-4460-a3ea-110df0422a2d","scope":"/providers/Microsoft.Management
-             /managementGroups/fc096d27-0434-4460-a3ea-110df0422a2d"}
+             cess":"Enabled","tenantID":"aaaabbbb-0000-cccc-1111-dddd2222eeee","scope":"/providers/Microsoft.Management
+             /managementGroups/aaaabbbb-0000-cccc-1111-dddd2222eeee"}
 ```
 
 Creates the specific private link associations at the management group scope.

azps-15.4.0/Az.Resources/New-AzRoleAssignment.md

@@ -151,9 +151,9 @@ Get-AzADGroup -SearchString "Christine Koch Team"
 
           DisplayName                    Type                           Id
           -----------                    ----                           --------
-          Christine Koch Team                                           2f9d4375-cbf1-48e8-83c9-2a0be4cb33fb
+          Christine Koch Team                                           aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb
 
-New-AzRoleAssignment -ObjectId 2f9d4375-cbf1-48e8-83c9-2a0be4cb33fb -RoleDefinitionName Contributor  -ResourceGroupName rg1
+New-AzRoleAssignment -ObjectId aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -RoleDefinitionName Contributor  -ResourceGroupName rg1
 ```
 
 Grant access to a security group
@@ -167,7 +167,7 @@ Grant access to a user at a resource (website)
 
 ### Example 4
 ```powershell
-New-AzRoleAssignment -ObjectId 00001111-aaaa-2222-bbbb-3333cccc4444 -RoleDefinitionName "Virtual Machine Contributor" -ResourceName Devices-Engineering-ProjectRND -ResourceType Microsoft.Network/virtualNetworks/subnets -ParentResource virtualNetworks/VNET-EASTUS-01 -ResourceGroupName Network
+New-AzRoleAssignment -ObjectId aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -RoleDefinitionName "Virtual Machine Contributor" -ResourceName Devices-Engineering-ProjectRND -ResourceType Microsoft.Network/virtualNetworks/subnets -ParentResource virtualNetworks/VNET-EASTUS-01 -ResourceGroupName Network
 ```
 
 Grant access to a group at a nested resource (subnet)
@@ -207,7 +207,7 @@ $DelegationParams = @{
     Condition = $Condition 
     Scope = "/subscriptions/11112222-bbbb-3333-cccc-4444dddd5555" 
     RoleDefinitionName = 'User Access Administrator' 
-    ObjectId = "00001111-aaaa-2222-bbbb-3333cccc4444"
+    ObjectId = "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb"
 }
 
 New-AzRoleAssignment @DelegationParams
@@ -247,7 +247,7 @@ $DelegationParams = @{
     Condition = $Condition 
     Scope = "/subscriptions/11112222-bbbb-3333-cccc-4444dddd5555" 
     RoleDefinitionName = 'User Access Administrator' 
-    ObjectId = "00001111-aaaa-2222-bbbb-3333cccc4444"
+    ObjectId = "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb"
 }
 
 New-AzRoleAssignment @DelegationParams

azps-15.4.0/Az.Resources/New-AzRoleAssignmentScheduleRequest.md

@@ -46,14 +46,14 @@ Create a role assignment schedule request.
 ```powershell
 $guid = "12f8978c-5d8d-4fbf-b4b6-2f43eeb43eca"
 $startTime = Get-Date -Format o 
-$scope = "/subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/"
-New-AzRoleAssignmentScheduleRequest -Name $guid -Scope $scope -ExpirationDuration PT1H -ExpirationType AfterDuration -PrincipalId 5a4bdd72-ab3e-4d8e-ab0f-8dd8917481a2 -RequestType AdminAssign -RoleDefinitionId subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 -ScheduleInfoStartDateTime $startTime
+$scope = "/subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333/"
+New-AzRoleAssignmentScheduleRequest -Name $guid -Scope $scope -ExpirationDuration PT1H -ExpirationType AfterDuration -PrincipalId aaaaaaaa-bbbb-cccc-1111-222222222222 -RequestType AdminAssign -RoleDefinitionId subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 -ScheduleInfoStartDateTime $startTime
 ```
 
 ```output
 Name                                 Type                                                    Scope                                               RoleDefinitionId
 ----                                 ----                                                    -----                                               ----------------                                                                 
-12f8978c-5d8d-4fbf-b4b6-2f43eeb43eca Microsoft.Authorization/roleAssignmentScheduleRequests /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/providers/Microsoft.Authori…
+12f8978c-5d8d-4fbf-b4b6-2f43eeb43eca Microsoft.Authorization/roleAssignmentScheduleRequests /subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333 /subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333/providers/Microsoft.Authori…
 ```
 
 Creates a request to provision an active assignment of `roleDefinition` on the `scope` for the specified `principal`
@@ -62,14 +62,14 @@ Creates a request to provision an active assignment of `roleDefinition` on the `
 ```powershell
 $guid = "13f8978c-5d8d-4fbf-b4b6-2f43eeb43eca"
 $startTime = Get-Date -Format o 
-$scope = "/subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/"
-New-AzRoleAssignmentScheduleRequest -Name $guid -Scope $scope -ExpirationDuration PT1H -ExpirationType AfterDuration -PrincipalId 5a4bdd72-ab3e-4d8e-ab0f-8dd8917481a2 -RequestType AdminRemove -RoleDefinitionId subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 -ScheduleInfoStartDateTime $startTime
+$scope = "/subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333/"
+New-AzRoleAssignmentScheduleRequest -Name $guid -Scope $scope -ExpirationDuration PT1H -ExpirationType AfterDuration -PrincipalId aaaaaaaa-bbbb-cccc-1111-222222222222 -RequestType AdminRemove -RoleDefinitionId subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 -ScheduleInfoStartDateTime $startTime
 ```
 
 ```output
 Name                                 Type                                                    Scope                                               RoleDefinitionId
 ----                                 ----                                                    -----                                               ----------------                                                                 
-13f8978c-5d8d-4fbf-b4b6-2f43eeb43eca Microsoft.Authorization/roleAssignmentScheduleRequests /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/providers/Microsoft.Authori…
+13f8978c-5d8d-4fbf-b4b6-2f43eeb43eca Microsoft.Authorization/roleAssignmentScheduleRequests /subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333 /subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333/providers/Microsoft.Authori…
 ```
 
 Creates a request to remove an active assignment of `roleDefinition` on the `scope` for the specified `principal`
@@ -78,14 +78,14 @@ Creates a request to remove an active assignment of `roleDefinition` on the `sco
 ```powershell
 $guid = "12f8978c-5d8d-4fbf-b4b6-2f43eeb43eca"
 $startTime = Get-Date -Format o 
-$scope = "/subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/"
-New-AzRoleAssignmentScheduleRequest -Name $guid -Scope $scope -ExpirationDuration PT1H -ExpirationType AfterDuration -PrincipalId 5a4bdd72-ab3e-4d8e-ab0f-8dd8917481a2 -RequestType SelfActivate -RoleDefinitionId subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 -ScheduleInfoStartDateTime $startTime
+$scope = "/subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333/"
+New-AzRoleAssignmentScheduleRequest -Name $guid -Scope $scope -ExpirationDuration PT1H -ExpirationType AfterDuration -PrincipalId aaaaaaaa-bbbb-cccc-1111-222222222222 -RequestType SelfActivate -RoleDefinitionId subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 -ScheduleInfoStartDateTime $startTime
 ```
 
 ```output
 Name                                 Type                                                    Scope                                               RoleDefinitionId
 ----                                 ----                                                    -----                                               ----------------                                                                 
-12f8978c-5d8d-4fbf-b4b6-2f43eeb43eca Microsoft.Authorization/roleAssignmentScheduleRequests /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/providers/Microsoft.Authori…
+12f8978c-5d8d-4fbf-b4b6-2f43eeb43eca Microsoft.Authorization/roleAssignmentScheduleRequests /subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333 /subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333/providers/Microsoft.Authori…
 ```
 
 Creates a request to activate an eligible assignment of `roleDefinition` on the `scope` for the specified `principal`
@@ -94,14 +94,14 @@ Creates a request to activate an eligible assignment of `roleDefinition` on the
 ```powershell
 $guid = "12f8978c-5d8d-4fbf-b4b6-2f43eeb43eca"
 $startTime = Get-Date -Format o 
-$scope = "/subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/"
-New-AzRoleAssignmentScheduleRequest -Name $guid -Scope $scope -ExpirationDuration PT1H -ExpirationType AfterDuration -PrincipalId 5a4bdd72-ab3e-4d8e-ab0f-8dd8917481a2 -RequestType SelfDeactivate -RoleDefinitionId subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 -ScheduleInfoStartDateTime $startTime
+$scope = "/subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333/"
+New-AzRoleAssignmentScheduleRequest -Name $guid -Scope $scope -ExpirationDuration PT1H -ExpirationType AfterDuration -PrincipalId aaaaaaaa-bbbb-cccc-1111-222222222222 -RequestType SelfDeactivate -RoleDefinitionId subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 -ScheduleInfoStartDateTime $startTime
 ```
 
 ```output
 Name                                 Type                                                    Scope                                               RoleDefinitionId
 ----                                 ----                                                    -----                                               ----------------                                                                 
-12f8978c-5d8d-4fbf-b4b6-2f43eeb43eca Microsoft.Authorization/roleAssignmentScheduleRequests /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/providers/Microsoft.Authori…
+12f8978c-5d8d-4fbf-b4b6-2f43eeb43eca Microsoft.Authorization/roleAssignmentScheduleRequests /subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333 /subscriptions/bbbbbbbb-cccc-dddd-2222-333333333333/providers/Microsoft.Authori…
 ```
 
 Creates a request to deactivate an eligible assignment of `roleDefinition` on the `scope` for the specified `principal`