Share via

I keep getting this error when creating a vm

Daniel Idongesit Ekpo 0 Reputation points
2025-01-30T08:42:34.3233333+00:00

"code": "DenyAssignmentAuthorizationFailed", "message": "The client '******@mauritius.amity.edu' with object id '33558633-b1a6-4b52-8426-ad6b4b1d16df' has permission to perform action 'Microsoft.Resources/subscriptions/resourceGroups/write' on scope '/subscriptions/67ff9b59-4101-4825-ab77-04c2e6ba35c6/resourceGroups/Aztest_group'; however, the access is denied because of the deny assignment with name '[UNUSUALACTIVITY] FULL DENY ASSIGNMENT ON / FOR ALL USERS ADDED' and Id '4b296be0b565493eb55b73b575992216' at scope '/'." }

Azure Virtual Machines
Azure Virtual Machines

An Azure service that is used to provision Windows and Linux virtual machines.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Abiola Akinbade 30,490 Reputation points Volunteer Moderator
    2025-01-30T09:05:24.6833333+00:00

    Hello Daniel Idongesit Ekpo,

    Thanks for your question.

    There is a deny assignment causing this:

    deny assignment named [UNUSUALACTIVITY] FULL DENY ASSIGNMENT ON / FOR ALL USERS ADDED with ID 4b296be0b565493eb55b73b575992216 at the root scope (/).

    https://learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments?tabs=azure-portal

    • With an account that has the correct role like Owner go to the Portal > IAM section of the root scope (/).
    • Select the Deny assignments tab to view all deny assignments at this scope.
    • Locate the deny assignment with ID 4b296be0b565493eb55b73b575992216.

    You can modify this there.

    However, the naming looks like a read-only deny assignment default to your type of subscription. In this case you will need to contact support for the activity in question triggering the deny.

    https://azure.microsoft.com/en-us/support/create-ticket

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.