Failed to save firewall and virtual network settings for storage account. Error: Validation of network acls failure: AuthorizationFailed

Sidney Bastos 20 Reputation points
2024-06-20T11:06:43.1133333+00:00

Failed to save firewall and virtual network settings

Failed to save firewall and virtual network settings for storage account 'sabackupsacwebpr'. Error: Validation of network acls failure: AuthorizationFailed:The client '5e583294-9f74-478e-9899-73c9a44e2eb7' with object id '5e583294-9f74-478e-9899-73c9a44e2eb7' does not have authorization to perform action 'microsoft.network/virtualNetworks/taggedTrafficConsumers/validate/action' over scope 'rg-base-backup-sacweb-pr/providers/microsoft.network/virtualNetworks/ne-pr-backup.sacweb-vnet-01/taggedTrafficConsumers/Microsoft.Storage.northeurope.slice9.instance4'>ne-pr-backup.sacweb-vnet-01/Microsoft.Storage.northeurope.slice9.instance4' or the scope is invalid. If access was recently granted, please refresh your credentials..

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,908 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,288 questions
{count} votes

Accepted answer
  1. Anand Prakash Yadav 7,780 Reputation points Microsoft Vendor
    2024-06-21T10:39:43.9333333+00:00

    Hello Sidney Bastos,

    Thank you for posting your query here!

    I understand that you're trying to add a virtual network (VNet) from one subscription to a storage account in another subscription. While doing this, you're getting an error that says you don't have the necessary permission to complete the action.

    Please ensure that the service principal or user has the necessary permissions on the virtual network in the other subscription. Specifically, they need the ‘Microsoft.Network/virtualNetworks/subnets/join/action permission’. This is typically included in the Network Contributor role.

    Since you mentioned you are the Owner of the subscription, necessary permissions to configure networking settings on the storage account should already be covered.

    If you’ve recently granted permissions or made changes, try refreshing your credentials by signing out and signing back in to the Azure portal. Sometimes, cached credentials can cause issues.

    Also, a similar issue is discussed in the Answer section of the following SO thread: https://stackoverflow.com/questions/54155808/the-client-with-object-id-does-not-have-authorization-to-perform-action-taggedtr

    Further reference: https://stackoverflow.com/questions/66949703/whitelisting-cross-tenant-subnet-in-storage-account-firewall-in-azure

    If these steps do not help, please let us know and we will need to investigate the issue further from our end.

    Do let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful