Unable to deploy OPC UA Broker extension

Bindu Rao 1 Reputation point
2024-07-18T18:12:52.96+00:00

I have followed the instructions mentioned in https://learn.microsoft.com/en-us/azure/iot-operations/get-started/quickstart-deploy to deploy Azure IoT operations.

All except opc-ua-broker extensions are created. I get the following error at the end of Deployment.

(DeploymentFailed) At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details. Code: DeploymentFailed Message: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details. Target: /subscriptions/<id>/resourceGroups/IOTechArc/providers/Microsoft.Resources/deployments/aziotops.init.84cd7005aeed4015bbdc36af7dff60ec Exception Details:      (LinkedAuthorizationFailed) The client '[live.com#<user>]' with object id 'fe80a0ad-a148-45d9-a66e-684b3e9eb1da' has permission to perform action 'Microsoft.ExtendedLocation/customLocations/resourceSyncRules/write' on scope '/subscriptions/<id>/resourcegroups/IOTechArc/providers/Microsoft.ExtendedLocation/customLocations/miniature-zebra-w9wrgq5wx76f6qj-cl/resourceSyncRules/miniature-zebra-w9wrgq5wx76f6qj-cl-aio-sync'; however, it does not have permission to perform action(s) 'Microsoft.Authorization/roleAssignments/write' on the linked scope(s) '/subscriptions/<id>/resourceGroups/IOTechArc' (respectively) or the linked scope(s) are invalid.         Code: LinkedAuthorizationFailed         Message: The client '[live.com#<user>]' with object id 'fe80a0ad-a148-45d9-a66e-684b3e9eb1da' has permission to perform action 'Microsoft.ExtendedLocation/customLocations/resourceSyncRules/write' on scope '/subscriptions/<id>/resourcegroups/IOTechArc/providers/Microsoft.ExtendedLocation/customLocations/miniature-zebra-w9wrgq5wx76f6qj-cl/resourceSyncRules/miniature-zebra-w9wrgq5wx76f6qj-cl-aio-sync'; however, it does not have permission to perform action(s) 'Microsoft.Authorization/roleAssignments/write' on the linked scope(s) '/subscriptions/<id>/resourceGroups/IOTechArc' (respectively) or the linked scope(s) are invalid.

What could be the reason? The role is set to 'Owner' in the resource group.

Azure IoT Operations

2 answers

  1. hossein jalilian 8,080 Reputation points
    2024-07-18T18:27:19.4366667+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    It seems that the deployment process lacks permissions to perform certain actions on the resource group or its linked scope.

    Azure deployments often require permissions beyond just owning the resource group. Review the Azure portal or use Azure CLI to verify the current role assignments for the user or service principal involved. Check and adjust permissions at the subscription level, ensuring that the deployment process has sufficient permissions across all scopes where actions are required.


    Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.

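The check suggested in the answer above, as an added example that is not part of the thread or of Microsoft's documentation: this Python code decides whether a principal's role assignments grant `Microsoft.Authorization/roleAssignments/write` at the linked scope named in the error, applying `actions`/`notActions` wildcards, scope inheritance and case-insensitive scope comparison. The role definitions and assignments are constructed sample data in the shape of `az role definition list` and `az role assignment list` output, and the principal ids are placeholders; deny assignments are not evaluated.

```python
import re

ACTION = "Microsoft.Authorization/roleAssignments/write"
RG = "/subscriptions/<id>/resourceGroups/IOTechArc"  # linked scope from the error

# Constructed sample data, trimmed to the fields used, in the shape of
# `az role definition list` and `az role assignment list --all` output.
ROLE_DEFS = {
    "Owner": [{"actions": ["*"], "notActions": []}],
    "Contributor": [{"actions": ["*"], "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action"]}],
}
ASSIGNMENTS = [  # principal ids are placeholders, not taken from the thread
    {"principalId": "user-a", "roleDefinitionName": "Contributor",
     "scope": "/subscriptions/<id>", "condition": None},
    {"principalId": "user-a", "roleDefinitionName": "Owner",
     "scope": "/subscriptions/<id>/resourceGroups/IOTechArc2", "condition": None},
    {"principalId": "user-b", "roleDefinitionName": "Owner",
     "scope": "/subscriptions/<id>/resourcegroups/iotecharc", "condition": None},
    {"principalId": "user-c", "roleDefinitionName": "Owner",
     "scope": "/subscriptions/<id>", "condition": "<condition expression>"},
]

def matches(pattern, action):
    """Case-insensitive match where '*' in a role action stands for any text."""
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def role_grants(permissions, action):
    """A permission block grants an action listed in actions and not in notActions."""
    return any(any(matches(a, action) for a in p["actions"])
               and not any(matches(n, action) for n in p["notActions"])
               for p in permissions)

def scope_covers(assigned, target):
    """An assignment applies at its own scope and every scope beneath it."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def granting_assignments(principal_id, scope=RG, action=ACTION):
    """Return (role, scope, has_condition) for each assignment granting the action."""
    return [(a["roleDefinitionName"], a["scope"], a["condition"] is not None)
            for a in ASSIGNMENTS
            if a["principalId"] == principal_id
            and scope_covers(a["scope"], scope)
            and role_grants(ROLE_DEFS[a["roleDefinitionName"]], action)]

if __name__ == "__main__":
    for who in ("user-a", "user-b", "user-c"):
        print(who, granting_assignments(who) or "no roleAssignments/write at this scope")
```

An assignment returned with `has_condition` set carries a condition that may restrict which role assignments the principal can write, so read the condition before treating the permission as unrestricted.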

  2. Bindu Rao 1 Reputation point
    2024-07-22T15:50:22.0266667+00:00

    Thanks @hossein jalilian for the response. Could you provide more specific information on the role assignments for this issue? There is no problem with the rest of the Service (Extensions) deployment except this.

    Also, may I know why this 'Microsoft.Authorization/roleAssignments/write' permission is required to deploy OPC UA Broker?

