AuthorizationFailed: does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write'

Niu, Chuang (Contractors) 65 Reputation points

Code: AuthorizationFailed Message: The client '' with object id '0c835af3-601e-448f-a56b-dba8853b499a' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/f7e98163-5df7-4cb2-b770-15754cc0441a/resourcegroups/ResGrp0213' or the scope is invalid. If access was recently granted, please refresh your credentials. 1.We failed use 'az group create --name ResGrp0213 --location eastus' to create resource group; Picture3

2.We've already given a owner role; Picture1

3.We've created new resource group using 'New-AzResourceGroup -Name ResGrp0213 -Location westus' Picture2

So,question is why i can't use 'az' command to create resource group. Still facing the same issue.

A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
1,850 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,618 questions
0 comments No comments
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 32,456 Reputation points Microsoft Employee

    @Niu, Chuang (Contractors) ,

    To confirm that I am correctly understanding your issue, it sounds like you are saying that you can create the group via PowerShell but receive the authorization error when you try via Azure CLI.

    In your second screenshot with the successful command, there is a different subscription ID listed than the one in your error and in your first screenshot. It sounds like your account has permissions in the second subscription but not in the first one. I would recommend performing the same steps of adding the owner permissions to the first subscription (f7e98163-5df7-4cb2-b770-15754cc0441a), OR creating the resources in the second subscription (30e9013b-xxx-xxx) if that was the intention.

    You can set the subscription in Azure CLI running az account set --subscription your-subscription-id

    See related:

    Authorization error Subscription authorization

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions. Otherwise let me know if you have further questions.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful