I am trying to create a Resource Group dynamically using Azure Management SDK Here are my azure configuration details
subscription=<private-data>
client=<private-data>
key=<private-data>
tenant=<private-data>
managementURI=https://management.core.windows.net/
baseURL=https://management.azure.com/
authURL=https://login.windows.net/
graphURL=https://graph.windows.net/
Here is code for creating Resource
// Credentials
AzureCredentials credentials = new AzureCredentialsFactory()
.FromFile("azureauth.properties");
string resourceName = GetRandomString();
// Create Azure Instance
var azure = Azure
.Configure()
.Authenticate(credentials)
.WithDefaultSubscription();
// Create a Resource Group
azure.ResourceGroups
.Define(resourceName)
.WithRegion(Region.USWest)
.Create();
The error that I got is:
The client 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' with object id 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/e9d61100-a82a-48ca-b6f8-51b06a1eebe6/resourcegroups/5oxjhjic'.
I have followed steps specified on https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal
As well as I am trying with my Global Administrator account
1 Search on Azure Active Directory for the client GUID or object id present in the error message. This will give you the aplication you should select to assign access to on the Add Permission screen as shown in the answer prints. – Ulysses Alves Mar 16 at 19:04 | Show 3more comments 8
Contributor will not be enough. Even owner may not potentially be enough as Azure access is different then Azure Active Directory access since you are trying to write to Azure AD to grant the permissions. Does this answer your question? Deployment of ARM: Authorization failed for template resource 'sql
Since the customer is trying to use the ADF client from inside Azure Function, the recommendation is to use AAD application and service principal for authentication of ADF client. You can find the instructions for creating AAD application and service principal here:
To resolve this, first check whether you have got access to the Azure DevOps Organization by checking via Web portal and In case if you are trying to clone a Repo from Azure DevOps check with your Administrator when you have got the required access to Clone the repositories (You should be having basic access to Clone the repos).
you cant be trying with global administrator, obviously. you need to go to you subscription and grant objectid 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' contributor permissions (easy way) or create a custom role (or figure predefined role) that meets your needs.
you can use portal to do that or azure powershell:
New-AzRoleAssignment -ObjectId 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' -Scope '/subscriptions/e9d61100-a82a-48ca-b6f8-51b06a1eebe6' -RoleDefinitionName contributor
the equivalent Azure CLI command is:
az role assignment create --assignee-object-id ae8bc2ea-9680-4f66-934c-ad40b82c30ac --scope subscriptions/e9d61100-a82a-48ca-b6f8-51b06a1eebe6 --role contributor
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With