0

I am getting this error while running a Azure devops pipeline to deploy some applications. At one stage in the pipeline we need to create resource groups in Azure before proceeding to the next stage of deploying apps. But the pipeline fails because unable to create resource groups due to authorization.

Failed to create the resource group. Error: "The client id XXXXX with object id XXXXX does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope or the scope is invalid

Please help

Improve this question

1 Answer 1

Reset to default
2

The problem is right there in the error text:

"The client id XXXXX with object id XXXXX does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope or the scope is invalid

Chances are the service principal that's used doesn't have the correct role(s) assigned to it. Find the service principal with the client id from the error message and assign them at least the Contributor role on subscription level.

The Contributor role ...

Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.

More information: Azure built-in roles.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

The same service principal works fine with the different environment like test and dev but fails in prd
@Kanna, i guess your prod env is another subscription. Probably, the SP doesn't have the same permissions as in dev and test

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.