You mention you were given the "User Administrator" right, assuming this is not a typo then it will not give you the rights you need, as this is an Azure AD role. What you need is "User Access Administrator", this and "Owner" are the only two built in roles with the Microsoft.Authorization/roleAssignments/write permission.
Devops Pipeline
Hi there,
I'm trying to create a DevOps pipeline for an Azure Function.
I'm an external user/Guest to a tenant.
In the tenant, there's one Security group which I am owner and that Security group has contributor access to two resource groups.
But when I try to create a pipeline from my tenant, It's giving me this error
Failed to set Azure permission 'RoleAssignmentId: ba8f4bc9-8fce-xxx-xxxxx-xxxxxxx' for the service principal '54dd-xxx-xxxx-xxxxxxxxxx' on subscription ID '548af2ae-xxx-xxxxxxxxxxxx': error code: Forbidden, inner error code: AuthorizationFailed, inner error message The client 'hasin.xxxxxxxxx@' with object id '957d-5cxxxdxxxx' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/b4e3-c8xxxx' or the scope is invalid. If access was recently granted, please refresh your credentials. Ensure that the user has 'Owner' or 'User Access Administrator' permissions on the Subscription.
The Admin gave me User Administrator but it is still giving me the same error.
I can't find any Build In roles that can do this. Moreover this right is not in Microsoft.Authorization/roleAssignments/write custom roles right list.
I couldn't find any other way.
Any help would be appreciated.
Thanks
3 answers
Sort by: Most helpful
-
-
Jai Verma 461 Reputation points
2020-05-26T07:27:03.91+00:00 could you check if the subscription subscription ID '548axxxe-xxxx-xxxxxxxxxx' is exactly the same where you are creating pipeline?
-
Tahmid Eshayat 286 Reputation points
2020-05-26T07:32:14.863+00:00 Yes, It's the same.
Update: Edited the image to conceal PII information.