Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
672 questions
3 answers
User don’t have authorization to perform action 'Microsoft.Resources/deployments/validate/action
Whenever a new user added to the directory tries to deploy custom azure templates, they get the following validation error - User don't have authorization to perform action 'Microsoft.Resources/deployments/validate/action Following roles are already…
asked 2021-06-13T06:29:32.047+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 69%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Rabia Mehta
11
Reputation points
commented 2024-03-31T00:07:54.87+00:00
Intikhab Alam
0
Reputation points
1 answer
Problem to generate blob storage SAS-token in WebApp
Hi, First I want to let you know that I'm beginner with Azure. I have a problem to generate SAS-token (view-access token) for my blob storage container in my webapp server code. I'll get an 403 (unauthorized) error when trying to generate the token. I…
asked 2024-03-18T16:14:03.3+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 28.999999999999996%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAT%3C/text%3E%3C/svg%3E)
Anton Tokola
0
Reputation points
commented 2024-03-29T16:38:07.3766667+00:00
Akshay-MSFT
16,031
Reputation points Microsoft Employee
3 answers
One of the answers was accepted by the question author.
Azure Subscription showing Owner role identity not found.
Hello, I am facing a strange issue. When I am checking my Azure Subscription, Access control (IAM) - The owner role is showing - Identity not found, Unable to find identity. Here is the screenshot. Can you help? Thanks, Anuraj
asked 2024-03-15T13:22:21.61+00:00
Anuraj
166
Reputation points MVP
commented 2024-03-28T08:08:47.8666667+00:00
Stanislav Zhelyazkov
21,336
Reputation points MVP
1 answer
Build in Rbac Monitoring
I used this Azure document to create a build in rbac alert https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-alert But the problem is, after the alert was created I am not receiving an email when the rbac is assigned to…
asked 2023-06-29T15:20:40.0866667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 94%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAF%3C/text%3E%3C/svg%3E)
Azoh,Felix F
0
Reputation points
commented 2024-03-27T16:39:07.4633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 35%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EST%3C/text%3E%3C/svg%3E)
Sahith Thatipalli
40
Reputation points
7 answers
"Insufficient privileges to complete the operation" while using Graph API
The access token I get from the following curl request curl "$IDENTITY_ENDPOINT?resource=https://graph.microsoft.com&api-version=2017-09-01" -H secret:$IDENTITY_HEADER does not have the permission to list or create user. Request: GET…
asked 2020-12-14T17:46:54.273+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
commented 2024-03-27T12:58:22.9333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 98%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGG%3C/text%3E%3C/svg%3E)
Ger Groot
0
Reputation points
2 answers
How to assign Reader Access to an Azure SQL Database
Is assigning a Reader Role access in the Azure Server level to XXXXXXX-sql-01.database.windows.net sufficient to view/read tables or databases hosted on the SQL Server? How can I properly assign a Reader role to XXXXXXX-sql-01.database.windows.net?
asked 2024-03-20T08:48:39.3166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 62%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETR%3C/text%3E%3C/svg%3E)
TSHEPHO RAPHOLO
100
Reputation points
answered 2024-03-26T04:26:34.3366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 4%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
ShaktiSingh-MSFT
13,436
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Move Subscription to Management Group
Hi Team, We have created management groups (have Owner access) and have a few subscriptions with Owner access. When we try to move the subscriptions to the management groups from portal , getting error as below Add subscription failed. An error…
asked 2024-03-22T16:08:22.57+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 69%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES1%3C/text%3E%3C/svg%3E)
SujinaSJ-1789
231
Reputation points
accepted 2024-03-26T03:58:44.7833333+00:00
SujinaSJ-1789
231
Reputation points
1 answer
One of the answers was accepted by the question author.
I need to create a policy that blocks sign in of M365 accounts if MFA is not enabled, How do I do this?
Hi, as described above, I need to create a policy that blocks sign in of office 365 accounts, if the account in question does not have MFA enabled on it, how can I achieve this? Thanks!
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
672 questions
Office Management
Office Management
Office: A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.Management: The act or process of organizing, handling, directing or controlling something.
2,010 questions
Microsoft Entra
1,978 questions
asked 2024-03-19T09:06:40.5033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 83%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAW%3C/text%3E%3C/svg%3E)
Alex West
20
Reputation points
edited the question 2024-03-26T00:23:54.0833333+00:00
Emi Zhang-MSFT
22,011
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
How to create an alert for azure storage account if there is data action permissions assigned to a custom role or a built in role
I want to create an alert using a Kusto query when a custom role is assigned data action permissions for azure storage account or a current role is modified with the data action permissions for the azure storage account
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,812 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,436 questions
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
966 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
672 questions
asked 2024-03-19T18:48:27.7766667+00:00
Sahith Thatipalli
40
Reputation points
accepted 2024-03-22T17:16:22.5266667+00:00
Sahith Thatipalli
40
Reputation points
1 answer
Giving access to multiple Resource Group
Can you please help me how to give Contributor access in 'managedidentity1' to multiple resource group (eg : RG1, RG2, RG3)?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 80%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
2 answers
How to change account administrator for an Azure subscription
Hi guys, I have to change classic subscription administrator roles (I know they will be retired next year), because I don't want the guy who created the subscription to have those roles anymore. To do that I logged in with his account and changed the…
asked 2023-09-12T14:13:50.32+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 47%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENB%3C/text%3E%3C/svg%3E)
Nicola Bonacina
0
Reputation points
commented 2024-03-22T00:57:13.7766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 15%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
Juan Pablo Monzon
0
Reputation points
1 answer
Errors Role assignment creation failed & subscription identifier is malformed or invalid.
I am preparing for Azure DevOps exam. Using this link, trying to create service principal. (link:…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 45%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGD%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
1 answer
Deleted Virtual Network restricting access of my Global Admin account
Hi, I have an issue where if I try to run certain commands or do certain actions I am being blocked from doing so. When running commands in Powershell, such as "Set-AzWebApp", I get a "BadRequest" error. It becomes a little clearer…
asked 2024-03-18T09:05:04.4966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 95%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELM%3C/text%3E%3C/svg%3E)
Lukasz Maliszewski
0
Reputation points
commented 2024-03-21T04:29:05.5266667+00:00
VenkateshDodda-MSFT
18,436
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Why ceating private endpoint in existing key vault blocks the public access from all network as well as selected network fails?
In Key Vault, Customer firewall is set to public and some to selected network with list of IPs. As soon as we create private endpoint, all other previous connection with pubic/selected network fails. But based on below documentation, I would like…
asked 2022-09-26T18:41:02.043+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 40%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Dinesh Madhup
46
Reputation points Microsoft Employee
accepted 2024-03-21T00:28:13.5933333+00:00
Dinesh Madhup
46
Reputation points Microsoft Employee
1 answer
Possible in azure to view roles required to view specific resource?
So I am wondering if you can view through IAM or some other blade what role is necessary to access resources. EX. with Key Vault, To be able to view and change keys and secrets you need "Key Vault Administrator" Role. When Clicking "View…
asked 2024-03-19T16:51:13.46+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 42%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E1%3C/text%3E%3C/svg%3E)
18203024
60
Reputation points
edited the question 2024-03-20T02:39:15.2733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 64%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EON%3C/text%3E%3C/svg%3E)
OMMI NAVEEN KUMAR
195
Reputation points Microsoft Vendor
0 answers
Granting permission to managed identity for PIM approvals
I am building a logic app that will send adaptive cards in teams to PIM role approvers when a user requests to activate it. However, I am unable to find a way to allow a managed identity within the logic app to authenticate via the graph API to approve…
asked 2024-03-15T17:54:22.8466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 34%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Jack S
0
Reputation points
commented 2024-03-19T11:33:39.1033333+00:00
MayankBargali-MSFT
68,641
Reputation points
2 answers
As a global administrator, my access seems to be limited
It seems having some issues with using azure portal starting today, the account of our company seems to be limited to access those features that we normally used in the past. Please see the following screenshots and help us out, thank you.
asked 2024-03-13T20:04:29.37+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 8%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIC%3C/text%3E%3C/svg%3E)
It civica
0
Reputation points
commented 2024-03-19T07:17:50.5233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sandeep G-MSFT
14,646
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
How to transition from classic administrators to RBAC for a one-man shop?
I am the only Owner and the only Service administrator for the subscription. There are no Co-Administrators. What should I do to carry out the instruction in the email, "Action required: Transition from Azure classic administrator roles to RBAC…
asked 2024-03-12T06:59:40.5033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 33%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBH%3C/text%3E%3C/svg%3E)
Bruce Haley
75
Reputation points
accepted 2024-03-18T18:44:40.88+00:00
Bruce Haley
75
Reputation points
2 answers
I want Global Reader access but no access to subscription billing information // Or need to know if I can see actual billing cost related information with Read access
microsoft.commerce.billing/allEntities/allProperties/readRead all resources of Office 365 billingmicrosoft.commerce.billing/allEntities/allProperties/readRead all resources of Office 365 billingmicrosoft.commerce.billing/purchases/standard/readRead…
asked 2024-03-18T08:41:50.1+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 78%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAN%3C/text%3E%3C/svg%3E)
Amar Nath Tiwari
20
Reputation points
edited the question 2024-03-18T12:48:06.9+00:00
OMMI NAVEEN KUMAR
195
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
How to transition from classic administrators to RBAC for a one-man shop?
I am the only Owner and the only Service administrator for the subscription. There are no Co-Administrators. What should I do to carry out the instruction in the email, "Action required: Transition from Azure classic administrator roles to RBAC…
asked 2024-03-12T06:56:39.5733333+00:00
Bruce Haley
75
Reputation points
accepted 2024-03-16T17:23:47.0266667+00:00
Bruce Haley
75
Reputation points