Hi ,
Not enough permissions: Ensure that you have the necessary permissions to create an App Service Certificate or resource group or any resource. You need at least Contributor permissions in the subscription.
To assign a contributor role in Azure to create resources under a subscription, follow these step-by-step instructions:
- Sign in to Azure Portal: Go to the Azure portal (https://portal.azure.com/) and sign in with your Azure account credentials.
- Navigate to Subscriptions: On the left-hand side of the Azure portal, click on "Subscriptions". This will display a list of all the subscriptions associated with your account.
- Select Subscription: Choose the subscription to which you want to assign the contributor role. Click on the subscription name to open its details.
- Access Control (IAM): In the subscription details page, click on "Access control (IAM)" from the menu. This will open the IAM (Identity and Access Management) blade for the subscription.
- Add Role Assignment: On the IAM blade, click on the "+ Add" button at the top to add a new role assignment.
- Select Role: In the "Add role assignment" pane, select "Contributor" as the role. The contributor role grants permissions to create and manage resources, but not permissions to manage access control.
- Assign Access to: In the "Assign access to" section, you can assign the role to a user, group, or service principal. Click on the drop-down menu to select the appropriate option.
- Choose User/Group: After selecting the type of principal (user, group, or service principal), search for and select the user or group to whom you want to assign the contributor role. You can either type their name or email address in the search box.
- Review and Assign: Review the details of the role assignment to ensure accuracy. Verify the selected role, user/group, and subscription. Click "Save" or "Assign" to create the role assignment.
- Verification: Once the role assignment is created, verify that the user or group now has the contributor role within the subscription. They should be able to create and manage resources under that subscription.
Please check this link for more details
https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
Kindly accept answer , if it helps