Caller is not authorized to perform action on resource even though I have owner role on the Azure Key Vault and also subscription

Question

**CODE**: Forbidden

**MESSAGE**
The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes 
for role assignments to become effective.
**RAW ERROR**
Caller is not authorized to perform action on resource. If role assignments, deny assignments or 
role definitions were changed recently, please observe propagation time. 
Caller: appid=guidId;oid=guidid;iss=https://sts.windows.net/guidid/ Action: 'Microsoft.KeyVault/vaults/secrets/setSecret/action' 
**Resource**: '/subscriptions/subs_id/resourcegroups/networkwatcherrg/providers/microsoft.keyvault/vaults/vickyskeyvault001/secrets/productiondbpassword' 
Assignment: (not found) DenyAssignmentId: null DecisionReason: null Vault: vickyskeyvault001;location=centralindia

Even though I have owner role on keyvault and also subscription:

It's been more than 10 minutes, the message didn't go:

Message: The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.

Answer 1

The error usually occurs if the user or service principal does not have key vault related roles assigned, while working with Azure key vaults.

When I tried to create keys in Azure Key Vault with Owner role, I too got same error like this:

To resolve the error, make sure to assign key vault related roles like Key Vault Administrator to the user or service principal:

Once this role is assigned, the warning message gone and I'm able to create keys successfully in key vault like this: