Share via

Cannot create resource groups

George Lee 0 Reputation points
2024-01-31T08:13:43.2633333+00:00

Hello, I am new to Azure. I work in a non profit and luckily we have Microsoft Azure Sponsorship. I am not the owner role but I have contributor role.
I have already register the subscription with Microsoft.Resources, Microsoft.Compute, Microsoft.Storage and Microsoft.Network.
But I cannot create a VM because I don't have permission to create resources group. How can I create resources group? What role do I need? What is the least privilege role for creating VM? And are there any better documentation to help me sort out what role do I need to create certain resources. (And the Q&A assist cannot help me with this question)

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
9,030 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2024-01-31T08:13:43.2666667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To create a resource group, you need contributor permissions or higher in your subscription. As a contributor, you should have the necessary permissions to create a resource group. To create a resource group, follow the steps in the "Create a resource group" section of the "Overview and Prerequisites" document.

    To create a VM, you need to assign the Virtual Machine Contributor role to your account. This role provides permissions to create a VM in the selected resource group, create a VM in the selected virtual network, and write to an Azure managed disk. To assign the Virtual Machine Contributor role to your account, follow the steps in the "Grant access" section of the "Tutorial: Grant a user access to Azure resources using the Azure portal" document.

    The least privilege role for creating a VM is the Virtual Machine Contributor role.

    For more information on Azure RBAC and roles, see the "Tutorial: Grant a user access to Azure resources using the Azure portal" document.

    References:

    0 comments
  2. vipullag-MSFT 26,487 Reputation points Moderator
    2024-02-12T04:10:01.5466667+00:00

    Hello George Lee

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    To create a resource group, you need to have the "Contributor" or "Owner" role assigned to your account. If you are unable to create a resource group, it is possible that the Owner role has set up custom role-based access control (RBAC) policies that restrict your permissions.

    To create a VM, you need to have the "Virtual Machine Contributor" role assigned to your account. This role allows you to create and manage virtual machines, but does not give you permission to create or manage resource groups.

    If you are unable to create a resource group or a VM, you may need to contact the Owner role or an Azure administrator to request additional permissions. The least privilege role for creating a VM is the "Virtual Machine Contributor" role.

    Yes, there is documentation available that can help you determine what role you need to create certain resources.

    The Azure documentation provides a list of built-in roles that you can use to assign permissions to users, groups, and applications. Each role has a set of permissions that determine what actions can be performed on Azure resources.

    You can find more information about these roles in the Azure documentation:

    https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

    https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles

    In addition to the built-in roles, you can also create custom roles that are tailored to your specific needs.

    I hope this helps.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.