question

DonOrvo-4653 avatar image
0 Votes"
DonOrvo-4653 asked MarileeTurscak-MSFT answered

Does not have authorization when deploying enterprise-scale landing zone via github

I am getting this error when I tried to create a landing zone on my tenant.

The client 'live.com#itsmeemp1ror@gmail.com' with object id '95edad87-fef0-4045-b2c1-8105dc5d8716' does not have authorization to perform action 'Microsoft.Resources/deployments/validate/action' over scope '/providers/Microsoft.Resources/deployments/NoMarketplace-20210419125003' or the scope is invalid. If access was recently granted, please refresh your credentials. (Code: AuthorizationFailed)

This is the link that I am using for creating the landing zone:
https://github.com/Azure/Enterprise-Scale/blob/main/docs/reference/adventureworks/README.md#pre-requisites

I already assigned "owner" role under tenant root group and elevated the access for a global administrator.

What else can I check for me to create this enterprise-scale landing zone using the link in github?

azure-rbac
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered

As you said, the Owner role should be enough. So the issue is likely one of these problems:

  1. You are authenticated under a different user than the one that is trying to create a landing zone.

  2. You are deploying to the wrong resource group.

  3. You are deploying to the wrong subscription. (You can use "Get-AzContext" to check for this.)

(See related SO thread.)

See also: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/error-register-resource-provider

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.