massimolpc

I just had the same problem few days ago. If you see the plan message the problem is the scope of the role definition, this forces a destroy/create Fix by...

@erenabiri role_definition_id is wrongly formatted for scope subscription. Check under Example Usage (Subscription) on official docs https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/pim_eligible_role_assignment role_definition_id = "${data.azurerm_subscription.primary.id}${data.azurerm_role_definition.example.id}"