Getting does not have authorization to perform action or scope is invalid.

Kalyani Wani 45 Reputation points

We're getting the following error 'The client 'f774a339-7628-49ff-9829-49c522b6d49c' with object id 'f774a339-7628-49ff-9829-49c522b6d49c' does not have the authorization to perform action 'Microsoft.Resources/subscriptions/resourceGroups/read' over scope '/subscriptions/3535caf0-dd76-4e49-8666-cdbb6f15aa55' or the scope is invalid. If access was recently granted, please refresh your credentials.' We've already given a Contributor role and added a few custom roles such as:

1.'Microsoft.Authorization//write', 2.'Microsoft.Authorization//read', 3.'Microsoft.Resources/subscriptions/', 4.'Microsoft.Resources/subscriptions/resourceGroups/', 5.'Microsoft.Resources/subscriptions/resourcegroups/resources/', 6.'Microsoft.Resources/subscriptions/resources/', 7.'Microsoft.Resources/subscriptions/locations/*'

Still facing the same issue.

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
6,823 questions
Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,678 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Akshay-MSFT 14,871 Reputation points Microsoft Employee

    @Kalyani Wani

    The error is not related to the user but to the application. Kindly look for application/SPN name with client ID: 'f774a339-7628-49ff-9829-49c522b6d49c.

    Navigate to the subscription > Choose the subscription > Add Role assignment > Reader > assign to the application SPN:

    User's image

    User's image

    User's image


    Akshay Kaushik

    6 people found this answer helpful.

  2. TWA 0 Reputation points

    make sure you are in the right subscription. after you login with "Connect-AzAccount" go to "Select-AzSubscription -SubscriptionName 'X'

    0 comments No comments