i am trying add user permission in subscription,there i am getting error .

raj 40 Reputation points
2024-11-23T12:17:34.34+00:00

i am trying add user permission in subscription,there i am getting error that you dont have permission to do this task. i am unable to use any service since i am not getting permission to even create a resources group and not even getting permission to raise support ticket my emailid:-azure0108d@gmail.comScreenshot 2024-11-23 163131

Azure Cost Management
Azure Cost Management
A Microsoft offering that enables tracking of cloud usage and expenditures for Azure and other cloud providers.
2,783 questions
{count} votes

Accepted answer
  1. SadiqhAhmed-MSFT 47,571 Reputation points Microsoft Employee
    2024-11-29T14:54:04.7966667+00:00

    @raj Sorry for the painful experience!The issue you're encountering is related to permissions after you moved your Azure subscription between tenants and directories. When you move a subscription between tenants or directories, it can cause changes to the role assignments and permissions associated with that subscription. Specifically, the permissions tied to your user account might have been affected, and you could have lost certain privileges, such as creating resources or managing role assignments.

    Verify your role: You need to be assigned a role with sufficient permissions, such as Owner, Contributor, or User Access Administrator.

    • To check your roles:
      • Navigate to Azure Portal.
      • Go to Subscriptions.
      • Select the subscription in question.
      • Under Access control (IAM), look for your user and verify if you have the necessary permissions (Owner or Contributor). If you do not have these roles, you won't be able to create resources or perform other administrative tasks.

    If someone else has access to the subscription, ask them to reassign roles (such as Owner or Contributor) to your user account.

    The Directory Administrator or someone with Global Admin or Owner privileges in the Azure Active Directory of the current directory (tenant) should be able to grant you proper permissions.

    If you are the only global admin on the account and are blocked entirely, you can reach out to our support team. You can look into below article to get support numbers depending on your country.

    https://support.microsoft.com/en-us/topic/global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2

     or creating a ticket through a different account:  https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support

    While creating a ticket with Microsoft support team. Give them the tenant ID which is locked out in your description. Tell them that no admin account has access anymore and your partners also have no access anymore.

    Once you create a ticket with support team you will have to work with our data protection team. You will have to first prove your identity against your tenant for security purpose. Post that this team will help you with help you in getting access to your tenant or unlock your account depending on your scenario.

    Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.

    https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access

    Hope this helps. Please tag me in your reply if you have any concerns or need further assistance.


    If the response helped, do "Accept Answer" and up-vote it

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
  1. Marcin Policht 27,815 Reputation points MVP
    2024-11-23T12:31:35.56+00:00

    You have to use an account that has, at minimum, the Contributor level privileges in the subscription


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


  2. akinbade abiola 20,300 Reputation points
    2024-11-23T22:10:28.83+00:00

    Hello raj,

    Contributor role on subscription is sufficient to create all resources, including resource groups. To create a resource group you need one of the following roles:

    • Owner
    • Contributor

    https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal

    Since Contributor did not work, can you create a Owner role on subscription?

    You can confirm your current role by doing this:

    • Navigate to Azure Portal > Subscriptions.

    Select the affected Free Trial subscription.

    Go to the Access control (IAM) tab.

    • Under View access, check your role. You must be Owner or contributor.

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.