Azure Setup - Error

Integrity Construction Enterprise 0 Reputation points
2024-11-25T01:59:22.68+00:00

Error

Error information

Code

Forbidden

Message

The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.

Raw error

Caller is not authorized to perform action on resource. If role assignments, deny assignments or role definitions were changed recently, please observe propagation time. Caller: appid=3686488a-04fc-4d8a-b967-61f98ec41efe;oid=e31407e0-9c0c-498d-9e41-642fa41c4ca0;iss=https://sts.windows.net/cde19dfb-c090-46f9-9a97-9dcc4420a832/ Action: 'Microsoft.KeyVault/vaults/secrets/setSecret/action' Resource: '/subscriptions/137cabe6-17a6-4a2e-8e68-c73066c6583c/resourcegroups/networkwatcherrg/providers/microsoft.keyvault/vaults/domainkeyv/secrets/secret1' Assignment: (not found) DenyAssignmentId: null DecisionReason: null Vault: DomainKeyV;location=eastus

Microsoft Entra

2 answers

  1. akinbade abiola 20,385 Reputation points
    2024-11-25T06:46:56.8533333+00:00

    Hello Integrity Construction Enterprise

    Thanks for your question

    The error message is because there is no role assignment granting the required permissions to the caller app. To resolve:

    • Go to the Azure portal and the (IAM) section of the Key Vault DomainKeyV.
    • Click Add role assignment.
    • Add either the Key Vault Secrets Officer or Key Vault Contributor role to the principal.

    https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli

    It may take a few minutes to propagate.

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola


  2. Bhasker Donthu 930 Reputation points Microsoft Vendor
    2024-11-26T11:13:18.3466667+00:00

    Hello @Integrity Construction Enterprise,

    Thank you for posting your query on Microsoft Q&A.

    It looks like this is an RBAC issue related to setting a secret in Azure Key Vault. The error indicates insufficient permissions for the operation.

    Here are steps to resolve the issue:

    1. Check Role Assignments

       • Ensure the user or service principal performing the action has the appropriate role assigned.
       • For setting secrets, the recommended roles are: Key Vault Administrator or Key Vault Secrets Officer

    2. Verify Permissions Scope

       • Make sure the role assignment is at the correct scope—subscription, resource group, or specific resource.
       • Note that roles assigned at a higher scope (e.g., subscription) might not always trickle down correctly.

    3. Access Control (IAM)

       • In the Azure portal, navigate to your Key Vault.
       • Go to Access Control (IAM) and check the assigned roles for the relevant users or service principals.

    4. Propagation Time

       • If role assignments were recently updated, allow a few minutes for changes to propagate. Retry the operation afterward.

    For more info, please refer to https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli

    I hope this information is helpful. Please feel free to reach out if you have any further questions.
    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

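Added example, not part of either answer or of Microsoft's documentation: a small Python triage helper that parses the raw error from the question, lists which built-in Key Vault roles carry a data action matching the denied one (narrowest first), and builds the Azure CLI commands to check and then grant a role at vault scope. The function names and the role table are assumptions of this example; confirm the table with `az role definition list` before relying on it.

```python
import re
from fnmatch import fnmatchcase

# "Raw error" from the question, trimmed to the fields parsed here (iss omitted).
RAW = ("Caller: appid=3686488a-04fc-4d8a-b967-61f98ec41efe;"
       "oid=e31407e0-9c0c-498d-9e41-642fa41c4ca0 "
       "Action: 'Microsoft.KeyVault/vaults/secrets/setSecret/action' "
       "Resource: '/subscriptions/137cabe6-17a6-4a2e-8e68-c73066c6583c/resourcegroups/"
       "networkwatcherrg/providers/microsoft.keyvault/vaults/domainkeyv/secrets/secret1' "
       "Assignment: (not found) DenyAssignmentId: null")

# Assumption: dataActions of the built-in roles; confirm with `az role definition list`.
# Key Vault Contributor carries management-plane actions only, hence the empty list.
ROLE_DATA_ACTIONS = {
    "Key Vault Administrator": ["Microsoft.KeyVault/vaults/*"],
    "Key Vault Secrets Officer": ["Microsoft.KeyVault/vaults/secrets/*"],
    "Key Vault Secrets User": ["Microsoft.KeyVault/vaults/secrets/getSecret/action",
                               "Microsoft.KeyVault/vaults/secrets/readMetadata/action"],
    "Key Vault Contributor": [],
}
PATTERNS = {
    "oid": r"\boid=([0-9a-f-]{36})",
    "action": r"Action: '([^']+)'",
    "vault_scope": r"Resource: '([^']*/vaults/[^/']+)",
    "assignment": r"Assignment: (\(not found\)|\S+)",
}

def parse_denial(raw):
    """Pull the caller object id, denied data action and vault scope out of the raw error."""
    found = {k: re.search(p, raw, re.I) for k, p in PATTERNS.items()}
    missing = [k for k, m in found.items() if m is None]
    if missing:
        raise ValueError(f"not a Key Vault RBAC denial, missing: {missing}")
    return {k: m.group(1) for k, m in found.items()}

def roles_covering(action):
    """Roles whose dataActions match the action (case-insensitive wildcard), narrowest first."""
    hits = []
    for role, pats in ROLE_DATA_ACTIONS.items():
        matched = [p for p in pats if fnmatchcase(action.lower(), p.lower())]
        if matched:
            hits.append((max(map(len, matched)), role))
    return [role for _, role in sorted(hits, reverse=True)]

def az_commands(d, role):
    """List what the caller already has at the vault, then the grant at vault scope."""
    who, scope = d["oid"], d["vault_scope"]
    return [f"az role assignment list --assignee {who} --scope {scope} --include-inherited",
            f'az role assignment create --assignee-object-id {who} --role "{role}" --scope {scope}']
```

Calling `roles_covering(parse_denial(RAW)["action"])` returns the candidate roles for the denied action; pass the first one to `az_commands` to get the check and grant commands for the `oid` in the error.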
