Getting error "The client with object id does not have authorization to perform action" using azure-sdk-for-go

Akhil PB 0 Reputation points
2024-04-17T18:37:23.15+00:00

Getting the following error while trying to read/write a Private DNS zone that is in the subscription "4a224af2-b22d-4a92-a556-fd0d0aa06847" from another subscription "017b8edd-1cb1-4c3e-aa2a-2f62880b1d3d" using azure-sdk-for-go.

```
GET https://management.azure.com/subscriptions/4a224af2-b22d-4a92-a556-fd0d0aa06847/resourceGroups/test-rg/providers/Microsoft.Network/privateDnsZones/privatelink.mysql.database.azure.com
--------------------------------------------------------------------------------
RESPONSE 403: 403 Forbidden
ERROR CODE: AuthorizationFailed
--------------------------------------------------------------------------------
{
  "error": {
    "code": "AuthorizationFailed",
    "message": "The client 'eccbe23e-ce10-49ee-a742-9f8612377ef1' with object id 'eccbe23e-ce10-49ee-a742-9f8612377ef1' does not have authorization to perform action 'Microsoft.Network/privateDnsZones/read' over scope '/subscriptions/4a224af2-b22d-4a92-a556-fd0d0aa06847/resourceGroups/test-rg/providers/Microsoft.Network/privateDnsZones/privatelink.mysql.database.azure.com' or the scope is invalid. If access was recently granted, please refresh your credentials."
  }
}
--------------------------------------------------------------------------------
```

Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.

1 answer

  1. GitaraniSharma-MSFT 47,421 Reputation points Microsoft Employee
    2024-04-19T10:23:15.4+00:00

    Hello @Akhil PB ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    The error message "The client with object id does not have authorization to perform action" is related to permissions.

    Could you please confirm if the object ID "eccbe23e-ce10-49ee-a742-9f8612377ef1" has read/write permissions over the Private DNS zone "privatelink.mysql.database.azure.com"?

    Refer: https://learn.microsoft.com/en-us/azure/dns/dns-protect-private-zones-recordsets

    https://learn.microsoft.com/en-us/azure/dns/dns-faq-private#can-a-virtual-network-that-belongs-to-a-different-subscription-be-linked-to-a-private-zone-

    https://stackoverflow.com/questions/74837850/azure-how-do-i-associate-the-private-dns-zone-with-virtual-networks-across-the

    Please make sure that the above object ID has the Private DNS zones Contributor role on the private DNS zone "privatelink.mysql.database.azure.com", providing the required read/write permissions.

    And if you would like to link a virtual network to this Private DNS zone, then make sure that the above object ID has both the Private DNS zones Contributor role on the Private DNS zone and the Network Contributor role on the virtual network.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

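An added example, not part of the original thread and not Azure SDK code: a standard-library Go helper that parses the `AuthorizationFailed` body shown in the question into principal, action and scope, and flags when the denied scope sits in a different subscription than the caller's, since the role assignment has to exist at that scope (or a parent of it) in the zone's subscription. `Denial`, `ParseDenial` and `CrossSubscription` are hypothetical names; the sample body is copied from the question.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Sample input: the ARM error body from the question above.
const sampleBody = `{"error":{"code":"AuthorizationFailed","message":"The client 'eccbe23e-ce10-49ee-a742-9f8612377ef1' with object id 'eccbe23e-ce10-49ee-a742-9f8612377ef1' does not have authorization to perform action 'Microsoft.Network/privateDnsZones/read' over scope '/subscriptions/4a224af2-b22d-4a92-a556-fd0d0aa06847/resourceGroups/test-rg/providers/Microsoft.Network/privateDnsZones/privatelink.mysql.database.azure.com' or the scope is invalid. If access was recently granted, please refresh your credentials."}}`

// Denial holds the fields of one AuthorizationFailed message (hypothetical type).
type Denial struct{ ObjectID, Action, Scope, ScopeSubscription string }

var denialRe = regexp.MustCompile(`with object id '([^']+)' does not have authorization to perform action '([^']+)' over scope '([^']+)'`)
var subRe = regexp.MustCompile(`(?i)^/subscriptions/([^/]+)`)

// ParseDenial extracts who was denied which action at which scope.
func ParseDenial(body []byte) (Denial, error) {
	var env struct {
		Error struct{ Code, Message string } `json:"error"`
	}
	if err := json.Unmarshal(body, &env); err != nil {
		return Denial{}, err
	}
	if env.Error.Code != "AuthorizationFailed" {
		return Denial{}, fmt.Errorf("not an RBAC denial: %q", env.Error.Code)
	}
	m := denialRe.FindStringSubmatch(env.Error.Message)
	if m == nil {
		return Denial{}, fmt.Errorf("unrecognized AuthorizationFailed message")
	}
	d := Denial{ObjectID: m[1], Action: m[2], Scope: m[3]}
	if s := subRe.FindStringSubmatch(d.Scope); s != nil {
		d.ScopeSubscription = strings.ToLower(s[1])
	}
	return d, nil
}

// CrossSubscription reports whether the denied scope lies outside callerSub.
func (d Denial) CrossSubscription(callerSub string) bool {
	return d.ScopeSubscription != "" && !strings.EqualFold(d.ScopeSubscription, callerSub)
}

func main() {
	d, err := ParseDenial([]byte(sampleBody))
	fmt.Println(d.ObjectID, d.Action, d.Scope, d.CrossSubscription("017b8edd-1cb1-4c3e-aa2a-2f62880b1d3d"), err)
}
```

Logging these three fields on every 403 makes it clear which object ID needs a role assignment and at which exact scope, so the grant can be made on the zone itself rather than on a whole subscription.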