Does not have authorization when deploying enterprise-scale landing zone via github

Don Orvo 1 Reputation point

I am getting this error when I tried to create a landing zone on my tenant.

The client ' .com' with object id '95edad87-fef0-4045-b2c1-8105dc5d8716' does not have authorization to perform action 'Microsoft.Resources/deployments/validate/action' over scope '/providers/Microsoft.Resources/deployments/NoMarketplace-20210419125003' or the scope is invalid. If access was recently granted, please refresh your credentials. (Code: AuthorizationFailed)

This is the link that I am using for creating the landing zone:

I already assigned "owner" role under tenant root group and elevated the access for a global administrator.

What else can I check for me to create this enterprise-scale landing zone using the link in github?

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
372 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 20,671 Reputation points Microsoft Employee

    As you said, the Owner role should be enough. So the issue is likely one of these problems:

    1. You are authenticated under a different user than the one that is trying to create a landing zone.
    2. You are deploying to the wrong resource group.
    3. You are deploying to the wrong subscription. (You can use "Get-AzContext" to check for this.)

    (See related SO thread.)

    See also:

    No comments