not able to change access configuration policy

himani ghildiyal 5 Reputation points





Caller is not allowed to change permission model. For more information on how to change the permissions model follow this link: Details:; oid=b07e2451-9254-439a-bd94-32c3cebb085b; action=Microsoft.Authorization/roleAssignments/write; resource=/subscriptions/d7dad398-d1ca-4b8d-a1e3-e8bedbbc576f/resourcegroups/ghimani/providers/Microsoft.KeyVault/vaults/connectionstringdb1; decision=NotAllowed;

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,149 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
686 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Vinodh247-1375 11,396 Reputation points

    Hi himani ghildiyal:

    Thanks for reaching out to Microsoft Q&A.

    You should have Key Vault Data Access Administrator, User Access Administrator or Owner permissions to change access configuration policy. Could you double check that?

    Changing permission model requires 'Microsoft.Authorization/roleAssignments/write' permission, which is part of Owner and User Access Administrator roles. Classic subscription administrator roles like 'Service Administrator' and 'Co-Administrator' are not supported.

    Please 'Upvote'(Thumbs-up) and 'Accept' as answer if the reply was helpful. This will be benefitting other community members who face the same issue.