AuthorizationFailed: does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write'

Question

Code: AuthorizationFailed Message: The client 'Chuang.Niu@sony.com' with object id '0c835af3-601e-448f-a56b-dba8853b499a' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/f7e98163-5df7-4cb2-b770-15754cc0441a/resourcegroups/ResGrp0213' or the scope is invalid. If access was recently granted, please refresh your credentials. 1.We failed use 'az group create --name ResGrp0213 --location eastus' to create resource group;

2.We've already given a owner role;

3.We've created new resource group using 'New-AzResourceGroup -Name ResGrp0213 -Location westus'

So,question is why i can't use 'az' command to create resource group. Still facing the same issue.

Answer 1

@Niu, Chuang (Contractors) ,

To confirm that I am correctly understanding your issue, it sounds like you are saying that you can create the group via PowerShell but receive the authorization error when you try via Azure CLI.

In your second screenshot with the successful command, there is a different subscription ID listed than the one in your error and in your first screenshot. It sounds like your account has permissions in the second subscription but not in the first one. I would recommend performing the same steps of adding the owner permissions to the first subscription (f7e98163-5df7-4cb2-b770-15754cc0441a), OR creating the resources in the second subscription (30e9013b-xxx-xxx) if that was the intention.

You can set the subscription in Azure CLI running az account set --subscription your-subscription-id

See related:

Authorization error Subscription authorization

If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions. Otherwise let me know if you have further questions.