Share via

Unable to view logs via Log stream in Azure App Services.

Khaleel Shaik 20 Reputation points
2025-05-22T09:45:57.2366667+00:00

I am currently trying to debug the logs of an application using the Log Stream feature in Azure App Service. However, despite having Owner-level access permissions, I am now encountering a prompt requesting write permissions to proceed. This is unexpected because previously, with the same level of access, we were able to access the logs without any issues.

This new restriction is blocking our ability to effectively debug and monitor the application in real-time. Could you please confirm if there have been any recent changes or updates in Azure App Service related to the Log Stream functionality or its permission requirements? Any insights on why this new permission prompt is appearing would be greatly appreciated, as it was not a behavior we experienced before.
User's image

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,934 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bhargavi Naragani 5,270 Reputation points Microsoft External Staff Moderator
    2025-05-22T10:25:07.2166667+00:00

    Hi @Khaleel Shaik,

    Azure recently introduced more granular permission checks for specific App Service features like Log Stream, Console, and Advanced Tools (Kudu). While earlier these features could be accessed with general "read-only" or inherited owner permissions, Log Stream now specifically requires write-level permissions on the App Service resource itself.

    This means that even if you're an Owner at a subscription or resource group level, if Azure RBAC (Role-Based Access Control) hasn't granted explicit "Microsoft.Web/sites/write" permission, certain features like Log Stream will now be blocked. This behavior was likely introduced as part of security hardening updates to reduce the risk of unintended write access through diagnostic features.

    To resolve this, you’ll need to ensure that the account you're using has explicit write permissions on the specific App Service resource.

    1. Go to your Azure Portal => Navigate to the App Service in question => Click Access control (IAM) from the left pane then Click "View my access" to confirm your exact role on the resource.
    2. If you don’t see Microsoft.Web/sites/write permission under Effective permissions, click + Add => Add role assignment. Assign a role like Contributor or Web Plan Contributor to your user account at the App Service level (not just at subscription/resource group level). Understand Azure RBAC
      Built-in roles: Contributor

    Reference:
    https://learn.microsoft.com/en-us/azure/azure-monitor/fundamentals/roles-permissions-security
    https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs#stream-logs

    If the answer is helpful, please click Accept Answer and kindly upvote it so that other people who faces similar issue may get benefitted from it.

    Let me know if you have any further Queries.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.