Azure
diff --git a/‎src/Resources/Resources/ChangeLog.md
Lines changed: 1 addition & 0 deletions b/‎src/Resources/Resources/ChangeLog.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Resources/Resources/RoleAssignments/GetAzureRoleAssignmentCommand.cs
Lines changed: 7 additions & 1 deletion b/‎src/Resources/Resources/RoleAssignments/GetAzureRoleAssignmentCommand.cs
Lines changed: 7 additions & 1 deletion
diff --git a/‎src/Resources/Resources/RoleAssignments/NewAzureRoleAssignmentCommand.cs
Lines changed: 7 additions & 1 deletion b/‎src/Resources/Resources/RoleAssignments/NewAzureRoleAssignmentCommand.cs
Lines changed: 7 additions & 1 deletion
diff --git a/‎src/Resources/Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs
Lines changed: 8 additions & 1 deletion b/‎src/Resources/Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs
Lines changed: 8 additions & 1 deletion
diff --git a/‎src/Resources/Resources/RoleAssignments/SetAzureRoleAssignmentCommand.cs
Lines changed: 7 additions & 1 deletion b/‎src/Resources/Resources/RoleAssignments/SetAzureRoleAssignmentCommand.cs
Lines changed: 7 additions & 1 deletion
diff --git a/‎src/Resources/Resources/RoleDefinitions/GetAzureRoleDefinitionCommand.cs
Lines changed: 7 additions & 1 deletion b/‎src/Resources/Resources/RoleDefinitions/GetAzureRoleDefinitionCommand.cs
Lines changed: 7 additions & 1 deletion
diff --git a/‎src/Resources/Resources/RoleDefinitions/NewAzureRoleDefinitionCommand.cs
Lines changed: 9 additions & 2 deletions b/‎src/Resources/Resources/RoleDefinitions/NewAzureRoleDefinitionCommand.cs
Lines changed: 9 additions & 2 deletions
diff --git a/‎src/Resources/Resources/RoleDefinitions/RemoveAzureRoleDefinitionCommand.cs
Lines changed: 7 additions & 1 deletion b/‎src/Resources/Resources/RoleDefinitions/RemoveAzureRoleDefinitionCommand.cs
Lines changed: 7 additions & 1 deletion
diff --git a/‎src/Resources/Resources/RoleDefinitions/SetAzureRoleDefinitionCommand.cs
Lines changed: 9 additions & 2 deletions b/‎src/Resources/Resources/RoleDefinitions/SetAzureRoleDefinitionCommand.cs
Lines changed: 9 additions & 2 deletions
diff --git a/‎src/Resources/Resources/help/Get-AzRoleAssignment.md
Lines changed: 44 additions & 17 deletions b/‎src/Resources/Resources/help/Get-AzRoleAssignment.md
Lines changed: 44 additions & 17 deletions
@@ -19,6 +19,7 @@
 -->
 
 ## Upcoming Release
+* Supported `-SkipClientSideScopeValidation` in RoleAssignment and RoleDefinition related commands. [#22473]
 * Updated Bicep build logic to use --stdout flag instead of creating a temporary file on disk.
 * Fixed exception when `-ApiVersion` is specified for `Get-AzResource`, affected by some resource types.
 
 
@@ -218,6 +218,9 @@ public class GetAzureRoleAssignmentCommand : ResourcesBaseCmdlet
             HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
         public SwitchParameter IncludeClassicAdministrators { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "If specified, skip client side scope validation.")]
+        public SwitchParameter SkipClientSideScopeValidation { get; set; }
+
         #endregion
 
 
@@ -251,7 +254,10 @@ public override void ExecuteCmdlet()
                 WriteTerminatingError(ProjectResources.ScopeAndSubscriptionNeitherProvided);
             }
 
-            AuthorizationClient.ValidateScope(options.Scope, true);
+            if (!SkipClientSideScopeValidation.IsPresent)
+            {
+                AuthorizationClient.ValidateScope(options.Scope, true);
+            }
 
             List<PSRoleAssignment> ra = PoliciesClient.FilterRoleAssignments(options, DefaultProfile.DefaultContext.Subscription?.Id?.ToString());
 
 
@@ -250,6 +250,9 @@ public class NewAzureRoleAssignmentCommand : ResourcesBaseCmdlet
         [ValidateNotNullOrEmpty]
         public SwitchParameter AllowDelegation { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "If specified, skip client side scope validation.")]
+        public SwitchParameter SkipClientSideScopeValidation { get; set; }
+
         #endregion
 
         public Guid RoleAssignmentId { get; set; } = default(Guid);
@@ -337,7 +340,10 @@ public override void ExecuteCmdlet()
                 WriteTerminatingError(ProjectResources.ScopeAndSubscriptionNeitherProvided);
             }
 
-            AuthorizationClient.ValidateScope(parameters.Scope, true);
+            if (!SkipClientSideScopeValidation.IsPresent)
+            {
+                AuthorizationClient.ValidateScope(parameters.Scope, true);
+            }
 
             WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId));
         }
 
@@ -161,6 +161,9 @@ public class RemoveAzureRoleAssignmentCommand : ResourcesBaseCmdlet
         [Parameter(Position = 0, Mandatory = true, ValueFromPipeline = true, ParameterSetName = ParameterSet.RoleAssignment, HelpMessage = "Role Assignment.")]
         public PSRoleAssignment InputObject { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "If specified, skip client side scope validation.")]
+        public SwitchParameter SkipClientSideScopeValidation { get; set; }
+
         public override void ExecuteCmdlet()
         {
             IEnumerable<PSRoleAssignment> roleAssignments = null;
@@ -201,7 +204,11 @@ public override void ExecuteCmdlet()
                 WriteTerminatingError(ProjectResources.ScopeAndSubscriptionNeitherProvided);
             }
 
-            AuthorizationClient.ValidateScope(options.Scope, true);
+            if (!SkipClientSideScopeValidation.IsPresent)
+            {
+                AuthorizationClient.ValidateScope(options.Scope, true);
+            }
+
             ConfirmAction(
                 string.Format(ProjectResources.RemovingRoleAssignment, ObjectId, Scope, RoleDefinitionName),
                 ObjectId,
 
@@ -44,6 +44,9 @@ public class SetAzureRoleAssignmentCommand : ResourcesBaseCmdlet
         [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = ParameterSet.RoleAssignment, HelpMessage = "Role Assignment.")]
         public PSRoleAssignment InputObject { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "If specified, skip client side scope validation.")]
+        public SwitchParameter SkipClientSideScopeValidation { get; set; }
+
         [Parameter(Mandatory = false)]
         public SwitchParameter PassThru { get; set; }
         #endregion
@@ -95,7 +98,10 @@ public override void ExecuteCmdlet()
             }
 
             // Validate the request
-            AuthorizationClient.ValidateScope(parameters.Scope, false);
+            if (!SkipClientSideScopeValidation.IsPresent)
+            {
+                AuthorizationClient.ValidateScope(parameters.Scope, false);
+            }
             bool isValidRequest = true;
 
             // Check that only Description, Condition and ConditionVersion have been changed, if anything else is changed the whole request fails
 
@@ -51,6 +51,9 @@ public class GetAzureRoleDefinitionCommand : ResourcesBaseCmdlet
             HelpMessage = "If specified, only displays the custom created roles in the directory.")]
         public SwitchParameter Custom { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "If specified, skip client side scope validation.")]
+        public SwitchParameter SkipClientSideScopeValidation { get; set; }
+
         #endregion
 
 
@@ -73,7 +76,10 @@ public override void ExecuteCmdlet()
                 WriteTerminatingError(ProjectResources.ScopeAndSubscriptionNeitherProvided);
             }
 
-            AuthorizationClient.ValidateScope(options.Scope, true);
+            if (!SkipClientSideScopeValidation.IsPresent)
+            {
+                AuthorizationClient.ValidateScope(options.Scope, true);
+            }
 
             IEnumerable<PSRoleDefinition> filteredRoleDefinitions = PoliciesClient.FilterRoleDefinitions(options);
 
 
@@ -41,6 +41,9 @@ public class NewAzureRoleDefinitionCommand : ResourcesBaseCmdlet
 
         public Guid RoleDefinitionId { get; set; } = default(Guid);
 
+        [Parameter(Mandatory = false, HelpMessage = "If specified, skip client side scope validation.")]
+        public SwitchParameter SkipClientSideScopeValidation { get; set; }
+
         public override void ExecuteCmdlet()
         {
             PSRoleDefinition role = null;
@@ -67,8 +70,12 @@ public override void ExecuteCmdlet()
                 role = Role;
             }
 
-            foreach(var scope in role.AssignableScopes) {
-                AuthorizationClient.ValidateScope(scope, false);
+            if (!SkipClientSideScopeValidation.IsPresent)
+            {
+                foreach (var scope in role.AssignableScopes)
+                {
+                    AuthorizationClient.ValidateScope(scope, false);
+                }
             }
 
             WriteObject(PoliciesClient.CreateRoleDefinition(role, RoleDefinitionId));
 
@@ -50,6 +50,9 @@ public class RemoveAzureRoleDefinitionCommand : ResourcesBaseCmdlet
         [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleDefinitionId, HelpMessage = "Scope of the existing role definition.")]
         public string Scope { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "If specified, skip client side scope validation.")]
+        public SwitchParameter SkipClientSideScopeValidation { get; set; }
+
         [Parameter(Mandatory = false)]
         public SwitchParameter Force { get; set; }
 
@@ -98,7 +101,10 @@ public override void ExecuteCmdlet()
                 WriteTerminatingError(ProjectResources.ScopeAndSubscriptionNeitherProvided);
             }
 
-            AuthorizationClient.ValidateScope(options.Scope, true);
+            if (!SkipClientSideScopeValidation.IsPresent)
+            {
+                AuthorizationClient.ValidateScope(options.Scope, true);
+            }
 
             ConfirmAction(
                 Force.IsPresent,
 
@@ -38,6 +38,9 @@ public class SetAzureRoleDefinitionCommand : ResourcesBaseCmdlet
         [Parameter(Mandatory = true, ValueFromPipeline = true, ParameterSetName = ParameterSet.RoleDefinition, HelpMessage = "Role definition.")]
         public PSRoleDefinition Role { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "If specified, skip client side scope validation.")]
+        public SwitchParameter SkipClientSideScopeValidation { get; set; }
+
         public override void ExecuteCmdlet()
         {
             PSRoleDefinition role = null;
@@ -62,8 +65,12 @@ public override void ExecuteCmdlet()
 
             role = role ?? Role;
 
-            foreach (var scope in role.AssignableScopes) {
-                AuthorizationClient.ValidateScope(scope, false);
+            if (!SkipClientSideScopeValidation.IsPresent)
+            {
+                foreach (var scope in role.AssignableScopes)
+                {
+                    AuthorizationClient.ValidateScope(scope, false);
+                }
             }
 
             WriteObject(PoliciesClient.UpdateRoleDefinition(role));
 
@@ -28,107 +28,119 @@ Please notice that this cmdlet will mark `ObjectType` as `Unknown` in output if
 ### EmptyParameterSet (Default)
 ```
 Get-AzRoleAssignment [-RoleDefinitionName <String>] [-IncludeClassicAdministrators]
- [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
 ### ObjectIdParameterSet
 ```
 Get-AzRoleAssignment -ObjectId <String> [-RoleDefinitionName <String>] [-ExpandPrincipalGroups]
- [-IncludeClassicAdministrators] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-IncludeClassicAdministrators] [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ### ResourceGroupWithObjectIdParameterSet
 ```
 Get-AzRoleAssignment -ObjectId <String> -ResourceGroupName <String> [-RoleDefinitionName <String>]
- [-IncludeClassicAdministrators] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-IncludeClassicAdministrators] [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ### ResourceWithObjectIdParameterSet
 ```
 Get-AzRoleAssignment -ObjectId <String> -ResourceGroupName <String> -ResourceName <String>
  -ResourceType <String> [-ParentResource <String>] [-RoleDefinitionName <String>]
- [-IncludeClassicAdministrators] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-IncludeClassicAdministrators] [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ### ScopeWithObjectIdParameterSet
 ```
 Get-AzRoleAssignment -ObjectId <String> [-RoleDefinitionName <String>] -Scope <String>
- [-IncludeClassicAdministrators] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-IncludeClassicAdministrators] [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ### RoleIdWithScopeAndObjectIdParameterSet
 ```
 Get-AzRoleAssignment [-ObjectId <String>] -RoleDefinitionId <Guid> [-Scope <String>]
- [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
 ### ResourceGroupWithSignInNameParameterSet
 ```
 Get-AzRoleAssignment -SignInName <String> -ResourceGroupName <String> [-RoleDefinitionName <String>]
- [-IncludeClassicAdministrators] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-IncludeClassicAdministrators] [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ### ResourceWithSignInNameParameterSet
 ```
 Get-AzRoleAssignment -SignInName <String> -ResourceGroupName <String> -ResourceName <String>
  -ResourceType <String> [-ParentResource <String>] [-RoleDefinitionName <String>]
- [-IncludeClassicAdministrators] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-IncludeClassicAdministrators] [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ### ScopeWithSignInNameParameterSet
 ```
 Get-AzRoleAssignment -SignInName <String> [-RoleDefinitionName <String>] -Scope <String>
- [-IncludeClassicAdministrators] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-IncludeClassicAdministrators] [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ### SignInNameParameterSet
 ```
 Get-AzRoleAssignment -SignInName <String> [-RoleDefinitionName <String>] [-ExpandPrincipalGroups]
- [-IncludeClassicAdministrators] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-IncludeClassicAdministrators] [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ### ResourceGroupWithSPNParameterSet
 ```
 Get-AzRoleAssignment -ServicePrincipalName <String> -ResourceGroupName <String> [-RoleDefinitionName <String>]
- [-IncludeClassicAdministrators] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-IncludeClassicAdministrators] [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ### ResourceWithSPNParameterSet
 ```
 Get-AzRoleAssignment -ServicePrincipalName <String> -ResourceGroupName <String> -ResourceName <String>
  -ResourceType <String> [-ParentResource <String>] [-RoleDefinitionName <String>]
- [-IncludeClassicAdministrators] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-IncludeClassicAdministrators] [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ### ScopeWithSPNParameterSet
 ```
 Get-AzRoleAssignment -ServicePrincipalName <String> [-RoleDefinitionName <String>] -Scope <String>
- [-IncludeClassicAdministrators] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-IncludeClassicAdministrators] [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ### SPNParameterSet
 ```
 Get-AzRoleAssignment -ServicePrincipalName <String> [-RoleDefinitionName <String>]
- [-IncludeClassicAdministrators] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-IncludeClassicAdministrators] [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ### ResourceGroupParameterSet
 ```
 Get-AzRoleAssignment -ResourceGroupName <String> [-RoleDefinitionName <String>] [-IncludeClassicAdministrators]
- [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
 ### ResourceParameterSet
 ```
 Get-AzRoleAssignment -ResourceGroupName <String> -ResourceName <String> -ResourceType <String>
  [-ParentResource <String>] [-RoleDefinitionName <String>] [-IncludeClassicAdministrators]
- [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
 ### ScopeParameterSet
 ```
 Get-AzRoleAssignment [-RoleDefinitionName <String>] -Scope <String> [-IncludeClassicAdministrators]
- [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ [-SkipClientSideScopeValidation] [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -426,6 +438,21 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
+### -SkipClientSideScopeValidation
+If specified, skip client side scope validation.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### CommonParameters
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).