Share via

Create an Azure Resource Manager connection - Failed to set Azure Permission

Antonny García 20 Reputation points
2025-05-30T21:03:38.86+00:00

Hi everybody,

I have an error from my colleague that he's trying to create an ARM connection. We are project administrators on this project. I can create the connection, but he doesn't create the same connection.

Also, the error mentions to resolve this issue, the user has 'Owner' or 'User Access Administrator' permissions on the subscription, this kind of permissions I have. I want to know if this is the only way to resolve this issue or if I can give him some permissions to resolve this issue.

I appreciate your experience on the comments, thanks.

Best Regards,

Azure DevOps
0 comments
Accepted answer
  1. Durga Reshma Malthi 4,530 Reputation points Microsoft External Staff Moderator
    2025-06-02T14:58:45.5266667+00:00

    Hi Antonny García

    The Contributor role allows your colleague to manage resources but doesn’t grant permission to assign roles to others. On the other hand, User Access Administrator enables them to manage access permissions.

    Since your colleague needs permissions to create the ARM service connection, having User Access Administrator should be sufficient.

    Please Let me know if you have any queries.

    If you found the information helpful, please click "Upvote" on the post to let us know and consider accepting the answer as the token of appreciation. Thank You.

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Durga Reshma Malthi 4,530 Reputation points Microsoft External Staff Moderator
    2025-06-02T04:47:24.5633333+00:00

    Hi Antonny García

    Since the error states that 'Owner' or 'User Access Administrator' permissions are required, this suggests that your colleague may not have sufficient access at the subscription level.

    Go to Azure Portal -> Subscriptions -> Access Control (IAM) -> Roles -> Search for your colleague’s name -> To add roles, click on Add Role Assignment-> Choose either Owner, User Access Administrator, Contributor.

    After updating permissions, wait for few minutes and then ask your colleague to try creating the ARM connection again.

    Additional References:

    https://learn.microsoft.com/en-us/azure/devops/pipelines/release/azure-rm-endpoint?view=azure-devops

    Hope this helps!

    Please Let me know if you have any queries. If you found the information helpful, please click "Upvote" on the post to let us know and consider accepting the answer as the token of appreciation. Thank You.

    1 person found this answer helpful.
    0 comments
  2. Luke Murray 11,436 Reputation points MVP Volunteer Moderator
    2025-06-01T07:46:47.8633333+00:00

    You could try setting up a user-assigned managed identity, or Service Principal, then grant that permission to Azure, then when setting up the Service Principal, try Manual, and enter in the application ID and secret, and try that. If that doesn't work, then it may be relevant for you to set up the connection and allow its use on the Project, then he can use it.

    0 comments
  3. Antonny García 20 Reputation points
    2025-06-02T14:24:03.31+00:00

    Hi Durga Reshma Malthi,

    I followed the steps that you mentioned, now I'm waiting for the confirmation from my colleague. Regarding your instructions, I'd like to ask you if there is any issue now my colleague has two roles: Contributor and User Access Administrator, or he should have a role only?

    Thanks for your support!

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.