The client xxx with object id xxx does not have authorization to perform action Microsoft.Resources/subscriptions/resourcegroups/write' over scope
you cant be trying with global administrator, obviously. you need to go to you subscription and grant objectid 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' contributor permissions (easy way) or create a custom role (or figure predefined role) that meets your needs.
you can use portal to do that or azure powershell:
New-AzRoleAssignment -ObjectId 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' -Scope '/subscriptions/e9d61100-a82a-48ca-b6f8-51b06a1eebe6' -RoleDefinitionName contributor
the equivalent Azure CLI command is:
az role assignment create --assignee-object-id ae8bc2ea-9680-4f66-934c-ad40b82c30ac --scope subscriptions/e9d61100-a82a-48ca-b6f8-51b06a1eebe6 --role contributor
![Nilay Mehta](https://i.stack.imgur.com/hAYm2.jpg?s=256&g=1)
Comments
-
Nilay Mehta about 2 years
I am trying to create a Resource Group dynamically using Azure Management SDK Here are my azure configuration details
subscription=<private-data> client=<private-data> key=<private-data> tenant=<private-data> managementURI=https://management.core.windows.net/ baseURL=https://management.azure.com/ authURL=https://login.windows.net/ graphURL=https://graph.windows.net/
Here is code for creating Resource
// Credentials AzureCredentials credentials = new AzureCredentialsFactory() .FromFile("azureauth.properties"); string resourceName = GetRandomString(); // Create Azure Instance var azure = Azure .Configure() .Authenticate(credentials) .WithDefaultSubscription(); // Create a Resource Group azure.ResourceGroups .Define(resourceName) .WithRegion(Region.USWest) .Create();
The error that I got is:
The client 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' with object id 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/e9d61100-a82a-48ca-b6f8-51b06a1eebe6/resourcegroups/5oxjhjic'.
I have followed steps specified on https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal
As well as I am trying with my Global Administrator account