Share via

Azure - Failed to delete public IP address The client 'XXX@XXXX.com' with object id XYZ does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/delete' over scope 'XYZ'

Tech Support 96 Reputation points
2020-06-09T17:59:58.413+00:00

User is global administrator.

Cannot delete resources in the tenancy. Any idea why?

Failed to delete public IP address 'XYZ'. Error: The client 'Tech.XYZ@xyz .com' with object id 'XYZ' does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/delete' over scope 'XYZ' or the scope is invalid. If access was recently granted, please refresh your credentials.

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
826 questions
Azure Stack Hub
Azure Stack Hub
An extension of Azure for running apps in an on-premises environment and delivering Azure services in a datacenter.
189 questions
0 comments
Accepted answer
  1. Tech Support 96 Reputation points
    2020-06-09T18:42:55.973+00:00

    Fixed. Had to re-apply global admin to fix.

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. suvasara-MSFT 10,046 Reputation points
    2020-06-09T18:14:13.81+00:00

    Greetings,

    It seems the account you been trying to delete the IP from, doesn’t have enough permission to perform this operation.

    To perform such operation, you need to be at least a network contributor on the subscription level or on the needed resource level.

    If you’re already using Custom RBAC Roles, then you need to make sure that your custom Role has the below operations within the Action section from within the Custom Role:

    Action Name

    Microsoft.Network/publicIPAddresses/read Read a public IP address

    Microsoft.Network/publicIPAddresses/write Create or update a public IP address

    Microsoft.Network/publicIPAddresses/delete Delete a public IP address

    Microsoft.Network/publicIPAddresses/join/action Associate a public IP address to a resource

    Reference doc for more insights.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

    0 comments
  2. Tech Support 96 Reputation points
    2020-06-09T18:28:10.873+00:00

    Thankyou for the reply.

    The user is question is a Global admin... Hence the confusion.

    0 comments
  3. Manu Philip 18,671 Reputation points MVP
    2020-06-09T18:54:21.817+00:00

    Hello,

    Could you please try from PowerShell?

    1. Connect Azure tenant
    2. Execute the following cmdltes to find the networking profile. In this example, I assumes it is associated with a VM instance. 
      $vm = Get-AzVM -name myVM -ResourceGroupName myResourceGroup
$vm.NetworkProfile

    The output will show you the network ID Substitute it in the following cmdlet and disassociate the Public IP

    $nic = Get-AzNetworkInterface -Name myVMVMNicID -ResourceGroup myResourceGroup
$nic.IpConfigurations.publicipaddress.id = $null
Set-AzNetworkInterface -NetworkInterface $nic

    Finally, try to remove it as follows:

    Remove-AzPublicIpAddress <ID>

    Please mark as "Accept the answer" if the above steps helps you. Others with similar issues can also follow the solution as per your suggestion

    Regards,

    Manu

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.