The client with object id does not have authorization to perform action

PeterK 10 Reputation points
2023-05-05T18:19:10.01+00:00

Dears,

I hav been trying get list of jobs of Azure's runbooks. However, neither of .net code nore Postman was sucessful. I keep getting the error: {"error":{"code":"AuthorizationFailed","message":"The client with object id ' does not have authorization to perform action 'Microsoft.Automation/automationAccounts/jobs/read' over scope .. . I am the owener of the subscription, and my azure's app has the "read" permission.

Following picture displays my subscription access control (IAM):

access control - IAM

Following picture displays my app authentication

app authentication

Following picture displays my app role

App role

Following picture displays my API permissions

API permission

I hope that I enclosed all required info.

Thanks in advance.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Authenticator
{count} vote

1 answer

Sort by: Most helpful
  1. Patchfox 4,176 Reputation points
    2023-05-06T21:35:44.0333333+00:00

    Hi @PeterK , I want to help you with this question.

    I tried to recreate the error and I could imagine that you forgot to assign the reader permissions on the specific automation account resource for the service principal (app registration).

    I will get the same error when I forget this.

    Otherwise, the Postman request works. My test automation account had no jobs but I got an empty array back.


    If the reply was helpful, please don’t forget to upvote or accept it as an answer, thank you.

    3 people found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.