The client xxx with object id xxx does not have authorization to perform action Microsoft.Resources/subscriptions/resourcegroups/write' over scope

azure azure-active-directory
11,357

you cant be trying with global administrator, obviously. you need to go to you subscription and grant objectid 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' contributor permissions (easy way) or create a custom role (or figure predefined role) that meets your needs.

you can use portal to do that or azure powershell:

New-AzRoleAssignment -ObjectId 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' -Scope '/subscriptions/e9d61100-a82a-48ca-b6f8-51b06a1eebe6' -RoleDefinitionName contributor

the equivalent Azure CLI command is:

az role assignment create --assignee-object-id ae8bc2ea-9680-4f66-934c-ad40b82c30ac --scope subscriptions/e9d61100-a82a-48ca-b6f8-51b06a1eebe6 --role contributor
Share:
11,357
Nilay Mehta
Author by

Nilay Mehta

Hy, I am Developer from Ahmedabad, India.

Updated on June 04, 2022

Comments

  • Nilay Mehta
    Nilay Mehta about 2 years

    I am trying to create a Resource Group dynamically using Azure Management SDK Here are my azure configuration details

    subscription=<private-data>
client=<private-data>
key=<private-data>
tenant=<private-data>
managementURI=https://management.core.windows.net/
baseURL=https://management.azure.com/
authURL=https://login.windows.net/
graphURL=https://graph.windows.net/

    Here is code for creating Resource

    // Credentials
AzureCredentials credentials = new AzureCredentialsFactory()
    .FromFile("azureauth.properties");
string resourceName = GetRandomString();

// Create Azure Instance
var azure = Azure
        .Configure()
        .Authenticate(credentials)
        .WithDefaultSubscription();

// Create a Resource Group
azure.ResourceGroups
        .Define(resourceName)
        .WithRegion(Region.USWest)
        .Create();

    The error that I got is:

    The client 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' with object id 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/e9d61100-a82a-48ca-b6f8-51b06a1eebe6/resourcegroups/5oxjhjic'.

    I have followed steps specified on https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal
    As well as I am trying with my Global Administrator account

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How do I get all the details of an Azure AD computer object?
Unable to get bearer token from Azure AD to use with API App
Get-AzureKeyVaultSecret : Operation returned an invalid status code 'Forbidden'
Azure AD B2C password expiration
Get Azure Active Directory Token with username and password
On premise Active Directory ObjectId is different than Azure Active Directory ObjectId
Failure to generate access token using refresh token for O365 API
Check if username exist in Microsoft Azure Active Directory
AADSTS900144: The request body must contain the following parameter: 'scope' when using legacy Developer Portal
Establish trust between two azure AD