Unable to create OS disk snapshots (Linux)

Girish Prajwal 706 Reputation points
2020-12-15T16:04:46.11+00:00

I believe that I have given sufficient permissions (VM Contributor and then added additional access like snapshots and disk access) to create OS Disk Snapshots. However, I keep getting errors as below.

{
  "code": "DeploymentFailed",
  "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
  "details": [
    {
      "code": "LinkedAuthorizationFailed",
      "message": "The client 'gpw.ext@onmicrosoft.com' with object id 'c965edb5-d6e4-47e5-b606-c5b100e1c99a' has permission to perform action 'Microsoft.Compute/snapshots/write' on scope '/subscriptions/SubscriptionID/resourcegroups/ResourcegroupName/providers/Microsoft.Compute/snapshots/test_gp_osdisk_snapshot'; however, it does not have permission to perform action 'Microsoft.Compute/disks/beginGetAccess/action' on the linked scope(s) '/subscriptions/SubscriptionID/resourceGroups/ResourcegroupName/providers/Microsoft.Compute/disks/OSDiskName_OsDisk_1_22fe043ced714d64988bb7bbb1233454' or the linked scope(s) are invalid."
    }
  ]
}


Accepted answer
  1. Sumarigo-MSFT 43,321 Reputation points Microsoft Employee
    2020-12-16T08:44:21.41+00:00

    @Girish Prajwal Just to better understand the issue: I would recommend that you remove the VM Contributor role from the user and reassign it again (at the subscription scope). Then sign out and sign back in and try to create the snapshot again.

    We have two options for this issue: you can add the following line to the actions: "Microsoft.Compute/disks/beginGetAccess/action", or just add the line "Microsoft.Compute/disks/*".

    Based on the error message: The permissions error "The client with object id does not have authorization to perform action", check that you are currently signed in with a user that is assigned a role that has the Microsoft.Authorization/roleAssignments/write permission such as Owner or User Access Administrator at the scope you are trying to assign the role. For more information, refer to this article for Access denied or permission error, which gives some idea on your query.

    Create a snapshot using the portal or PowerShell

    Azure: Custom RBAC Role-Definition in your subscription

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please don’t forget to “Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
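The two options in the answer above differ in how much they grant. The following added example (not part of the original question or answer) checks role definitions against the two operations named in the error message and lists which disk operations each option ends up allowing. The role names and contents are constructed, and the matcher is a simplified model of `Actions`/`NotActions` wildcard evaluation that ignores scope, deny assignments and `DataActions`.

```python
import re

# Operations the error message on this page names for creating a snapshot
# from a managed disk: one on the snapshot, one on the linked source disk.
REQUIRED = [
    "Microsoft.Compute/snapshots/write",
    "Microsoft.Compute/disks/beginGetAccess/action",
]

# Disk operations used to show what a wildcard grant also covers.
DISK_OPS = [
    "Microsoft.Compute/disks/read",
    "Microsoft.Compute/disks/write",
    "Microsoft.Compute/disks/delete",
    "Microsoft.Compute/disks/beginGetAccess/action",
    "Microsoft.Compute/disks/endGetAccess/action",
]

def _matches(pattern, operation):
    """Case-insensitive match where '*' in the pattern spans any characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def is_allowed(role, operation):
    """Allowed if some Actions entry matches and no NotActions entry does."""
    granted = any(_matches(p, operation) for p in role.get("Actions", []))
    excluded = any(_matches(p, operation) for p in role.get("NotActions", []))
    return granted and not excluded

def missing(role, required=REQUIRED):
    """Required operations the role does not grant."""
    return [op for op in required if not is_allowed(role, op)]

def granted_disk_ops(role):
    """Disk operations from DISK_OPS that the role grants."""
    return [op for op in DISK_OPS if is_allowed(role, op)]

# Constructed role definitions (hypothetical name, illustrative contents).
BEFORE = {"Name": "snapshot-operator", "Actions": [
    "Microsoft.Compute/snapshots/*", "Microsoft.Compute/disks/read"]}
SPECIFIC = {**BEFORE, "Actions": BEFORE["Actions"] + [
    "Microsoft.Compute/disks/beginGetAccess/action"]}
WILDCARD = {**BEFORE, "Actions": BEFORE["Actions"] + ["Microsoft.Compute/disks/*"]}

if __name__ == "__main__":
    for label, role in (("before", BEFORE), ("specific", SPECIFIC), ("wildcard", WILDCARD)):
        print(label, "missing:", missing(role), "disk ops:", granted_disk_ops(role))
```

Both options clear the missing operation, but the wildcard variant also grants disk write and delete, so the single `beginGetAccess/action` entry is the narrower fix when the user only needs to take snapshots.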
