When deploying resources in Azure using Bicep, occasionally you will have to assign rights to a user or principal to perform certain actions. For example, authorizing an app service to access a storage account. Initially you would create something like this: // Assume we have an app service with a System Assigned managed service identity var principalId = appService.identity.principalId; resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { name: 'some-existing-storage-account' } resource roleAuthorization 'Microsoft. …