diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py
index 03cf21ca5aa1..8c80c69032e5 100644
--- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py
+++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py
@@ -3,6 +3,7 @@
 # Licensed under the MIT License.
 # ------------------------------------
 from typing import TYPE_CHECKING
+from uuid import uuid4
 
 from azure.core.tracing.decorator import distributed_trace
 
@@ -10,6 +11,7 @@
 from ._internal import KeyVaultClientBase
 
 if TYPE_CHECKING:
+    # pylint:disable=ungrouped-imports
     from typing import Any, Union
     from uuid import UUID
     from azure.core.paging import ItemPaged
@@ -27,18 +29,18 @@ class KeyVaultAccessControlClient(KeyVaultClientBase):
     # pylint:disable=protected-access
 
     @distributed_trace
-    def create_role_assignment(self, role_scope, role_assignment_name, role_definition_id, principal_id, **kwargs):
-        # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], str, str, **Any) -> KeyVaultRoleAssignment
+    def create_role_assignment(self, role_scope, role_definition_id, principal_id, **kwargs):
+        # type: (Union[str, KeyVaultRoleScope], str, str, **Any) -> KeyVaultRoleAssignment
         """Create a role assignment.
 
         :param role_scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common
             broad scopes. Specify a narrower scope as a string.
         :type role_scope: str or KeyVaultRoleScope
-        :param role_assignment_name: a name for the role assignment. Must be a UUID.
-        :type role_assignment_name: str or uuid.UUID
         :param str role_definition_id: ID of the role's definition
         :param str principal_id: Azure Active Directory object ID of the principal which will be assigned the role. The
             principal can be a user, service principal, or security group.
+        :keyword role_assignment_name: a name for the role assignment. Must be a UUID.
+        :type role_assignment_name: str or uuid.UUID
         :rtype: KeyVaultRoleAssignment
         """
         create_parameters = self._client.role_assignments.models.RoleAssignmentCreateParameters(
@@ -49,7 +51,7 @@ def create_role_assignment(self, role_scope, role_assignment_name, role_definiti
         assignment = self._client.role_assignments.create(
             vault_base_url=self._vault_url,
             scope=role_scope,
-            role_assignment_name=role_assignment_name,
+            role_assignment_name=kwargs.pop("role_assignment_name", None) or uuid4(),
             parameters=create_parameters,
             **kwargs
         )
diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py
index fcc0fa53ede6..0104e25c2365 100644
--- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py
+++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py
@@ -3,6 +3,7 @@
 # Licensed under the MIT License.
 # ------------------------------------
 from typing import TYPE_CHECKING
+from uuid import uuid4
 
 from azure.core.tracing.decorator import distributed_trace
 from azure.core.tracing.decorator_async import distributed_trace_async
@@ -11,6 +12,7 @@
 from .._internal import AsyncKeyVaultClientBase
 
 if TYPE_CHECKING:
+    # pylint:disable=ungrouped-imports
     from typing import Any, Union
     from uuid import UUID
     from azure.core.async_paging import AsyncItemPaged
@@ -29,23 +31,18 @@ class KeyVaultAccessControlClient(AsyncKeyVaultClientBase):
 
     @distributed_trace_async
     async def create_role_assignment(
-        self,
-        role_scope: "Union[str, KeyVaultRoleScope]",
-        role_assignment_name: "Union[str, UUID]",
-        role_definition_id: str,
-        principal_id: str,
-        **kwargs: "Any"
+        self, role_scope: "Union[str, KeyVaultRoleScope]", role_definition_id: str, principal_id: str, **kwargs: "Any"
     ) -> KeyVaultRoleAssignment:
         """Create a role assignment.
 
         :param role_scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common broad
             scopes. Specify a narrower scope as a string.
         :type role_scope: str or KeyVaultRoleScope
-        :param role_assignment_name: a name for the role assignment. Must be a UUID.
-        :type role_assignment_name: str or uuid.UUID
         :param str role_definition_id: ID of the role's definition
         :param str principal_id: Azure Active Directory object ID of the principal which will be assigned the role. The
             principal can be a user, service principal, or security group.
+        :keyword role_assignment_name: a name for the role assignment. Must be a UUID.
+        :type role_assignment_name: str or uuid.UUID
         :rtype: KeyVaultRoleAssignment
         """
         create_parameters = self._client.role_assignments.models.RoleAssignmentCreateParameters(
@@ -56,7 +53,7 @@ async def create_role_assignment(
         assignment = await self._client.role_assignments.create(
             vault_base_url=self._vault_url,
             scope=role_scope,
-            role_assignment_name=role_assignment_name,
+            role_assignment_name=kwargs.pop("role_assignment_name", None) or uuid4(),
             parameters=create_parameters,
             **kwargs
         )
diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py
index d2bf339766a2..e5939966d22e 100644
--- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py
+++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py
@@ -66,7 +66,7 @@ def test_role_assignment(self, client):
         principal_id = self.get_service_principal_id()
         name = self.get_replayable_uuid("some-uuid")
 
-        created = client.create_role_assignment(scope, name, definition.id, principal_id)
+        created = client.create_role_assignment(scope, definition.id, principal_id, role_assignment_name=name)
         assert created.name == name
         assert created.principal_id == principal_id
         assert created.role_definition_id == definition.id
diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py
index d0cd50d36534..75985b090060 100644
--- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py
+++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py
@@ -71,7 +71,7 @@ async def test_role_assignment(self, client):
         principal_id = self.get_service_principal_id()
         name = self.get_replayable_uuid("some-uuid")
 
-        created = await client.create_role_assignment(scope, name, definition.id, principal_id)
+        created = await client.create_role_assignment(scope, definition.id, principal_id, role_assignment_name=name)
         assert created.name == name
         assert created.principal_id == principal_id
         assert created.role_definition_id == definition.id