Resolved:
Even though I am the subscription / keyvault owner - I need to assign myself as the "Key Vault Administrator" role
Azure Keyvault: The operation is not allowed by RBAC.
Hi,
I am the owner of the subscription, i have created the azure keyvault and when I am trying to add a new secret, I get the following error message.
The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.
I've checked the key vault, I've added myself as the owner even though I am the owner of the subscription but still doesn't help.
2 answers
Sort by: Most helpful
-
Dat AU DUONG 385 Reputation points
2023-09-17T04:29:48.1833333+00:00 -
Akshay-MSFT 17,866 Reputation points Microsoft Employee
2023-09-18T05:45:07.45+00:00 Thank you for posting your query. I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.
Issue: Admin is getting "Azure Keyvault: The operation is not allowed by RBAC" while trying to add secret to KeyVault, even though you are subscription owner.
Solution: Admin must have Key Vault administrator role while using RBAC. Once assigned you were able to add secret in KeyVault.
If you have any other questions or are still running into more issues, please let me know.
Thank you again for your time and patience throughout this issue.Thanks,
Akshay Kaushik
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.