Hi,
I noticed the following issue in the Azure DevOps pipeline.
Unable to update a virtual machine via PowerShell in a pipeline task.
ErrorCode: LinkedAuthorizationFailed ErrorMessage: The client 'xx-x' with object id 'xx-x' has permission to perform action 'Microsoft.Compute/virtualMachines/write' on scope '/subscriptions/xx-xx-zz/resourceGroups/x/providers/Microsoft.Compute/virtualMachines/xxzz'; however, it does not have permission to perform action(s) 'Microsoft.ManagedIdentity/userAssignedIdentities/assign/action' on the linked scope(s) '/subscriptions/xx-xx-zz/resourceGroups/Y/providers/Microsoft.ManagedIdentity/userAssignedIdentities/xx-wa' (respectively) or the linked scope(s) are invalid.
ErrorTarget:
StatusCode: 403
ReasonPhrase: Forbidden
Here is the part of the script that I run.
It fails on the Update-AzVM command.
When I run the script manually it works.
It only fails through the pipeline.
Last week everything was fine.
I didn't change anything.
It stopped working from the beginning of September 2024.
The proposed solution was to set the necessary permissions for the client.
I checked the settings and the client has been granted Contributor access with all permissions.
Client scope is "Resource group (Inherited)".
Can you advise me what to do, please?
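
The error above names two scopes in different resource groups: `x` for the virtual machine and `Y` for the user-assigned identity. As an added example (not part of the original post or the poster's script), this PowerShell function lists the role assignments that apply to the linked scope and reports whether any of them grants the action the error says is missing. The function name `Test-LinkedScopeAction` is hypothetical and the angle-bracket values are placeholders to be copied from the error text.

```powershell
# Added example (hypothetical helper, not the poster's script).
# Needs the Az.Resources module and a Connect-AzAccount session that can read
# role assignments. Deny assignments and assignment conditions are not evaluated.
function Test-LinkedScopeAction {
    param(
        [Parameter(Mandatory)] [string] $ObjectId,     # "object id" from the error text
        [Parameter(Mandatory)] [string] $LinkedScope,  # "linked scope(s)" from the error text
        [string] $Action = 'Microsoft.ManagedIdentity/userAssignedIdentities/assign/action'
    )

    # With -Scope, the cmdlet returns assignments made at that scope and those
    # inherited from above it (resource group, subscription, management group).
    $assignments = @(Get-AzRoleAssignment -ObjectId $ObjectId -Scope $LinkedScope)
    if ($assignments.Count -eq 0) {
        Write-Warning "No role assignment for $ObjectId applies to $LinkedScope"
        return
    }

    foreach ($a in $assignments) {
        $role = Get-AzRoleDefinition -Id $a.RoleDefinitionId
        # Role actions can contain wildcards: the action is granted only if an
        # Actions pattern matches it and no NotActions pattern does.
        $allowed  = @($role.Actions    | Where-Object { $Action -like $_ }).Count -gt 0
        $excluded = @($role.NotActions | Where-Object { $Action -like $_ }).Count -gt 0
        [pscustomobject]@{
            Role         = $a.RoleDefinitionName
            AssignedAt   = $a.Scope
            GrantsAction = ($allowed -and -not $excluded)
        }
    }
}

# Placeholders: copy both values from the LinkedAuthorizationFailed message.
$objectId    = '<object id from the error>'
$linkedScope = '<linked scope from the error>'

$result = @(Test-LinkedScopeAction -ObjectId $objectId -LinkedScope $linkedScope)
$result | Format-Table -AutoSize
if (-not ($result | Where-Object GrantsAction)) {
    Write-Warning 'The pipeline identity cannot assign this managed identity at the linked scope.'
}
```

An empty table, or no row with `GrantsAction` set to `True`, means the assignment that covers the virtual machine's resource group does not reach the identity's resource group.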