I was seeing the same error until I followed the steps in the documentation on resource management private links:
The Global Administrator for the Azure Active Directory doesn't automatically have permission to assign roles at the root management group. To enable creating resource management private links, the Global Administrator must have permission to read root management group and elevate access to have User Access Administrator permission on all subscriptions and management groups in the tenant. After getting the User Access Administrator permission, the Global Administrator must grant Owner or Contributor permission at the root management group to the user creating the private link association.
Once I changed my Azure Active Directory settings so that I had the User Access Administrator role in the root scope and had added myself as an owner of the management group, I was able to create a resource management private link.
My guess is that being owner of the resource group, rather than being a subscription/tenant owner, is the problem. The resource management private link changes permissions at the tenant level -- which is a level above resource groups.
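The permission setup described in this answer, written out as Azure CLI calls. This is an added example, not part of the original answer or of the documentation it quotes. It assumes the Azure CLI is installed, `az login` was done as a Global Administrator, and the root management group still has its default ID (the tenant ID); the function names and the `DRY_RUN` switch are hypothetical helpers.

```shell
#!/usr/bin/env bash
# Added example (assumptions: az CLI installed, signed in as Global Administrator,
# root management group ID equals the tenant ID, which is the default).

# Execute a command, or only print it when DRY_RUN=1 (useful for review before running).
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Scope string of the root management group for a given tenant ID.
root_mg_scope() {
  printf '/providers/Microsoft.Management/managementGroups/%s' "$1"
}

# Step 1: elevate the signed-in Global Administrator to
# User Access Administrator at the root scope "/".
elevate_access() {
  run az rest --method post \
    --url "/providers/Microsoft.Authorization/elevateAccess?api-version=2016-07-01"
}

# Step 2: grant Owner (default) or Contributor at the root management group
# to the user who will create the private link association.
# Arguments: <tenant-id> <assignee UPN or object ID> [role]
grant_root_role() {
  run az role assignment create --assignee "$2" --role "${3:-Owner}" \
    --scope "$(root_mg_scope "$1")"
}

# Step 3 (not in the answer above, added as least-privilege cleanup): remove the
# root-scope User Access Administrator assignment once step 2 has succeeded.
# Argument: <admin UPN or object ID>
remove_elevation() {
  run az role assignment delete --assignee "$1" \
    --role "User Access Administrator" --scope "/"
}
```

Call the three functions in order, first with `DRY_RUN=1` to review the commands; the tenant ID can be read with `az account show --query tenantId -o tsv`.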