Does not have authorization when deploying enterprise-scale landing zone via GitHub

Don Orvo 1 Reputation point
2021-04-19T05:00:12.973+00:00

I am getting this error when I try to create a landing zone on my tenant.

The client 'live.com#itsmeemp1ror@Stuff .com' with object id '95edad87-fef0-4045-b2c1-8105dc5d8716' does not have authorization to perform action 'Microsoft.Resources/deployments/validate/action' over scope '/providers/Microsoft.Resources/deployments/NoMarketplace-20210419125003' or the scope is invalid. If access was recently granted, please refresh your credentials. (Code: AuthorizationFailed)

This is the link that I am using for creating the landing zone:
https://github.com/Azure/Enterprise-Scale/blob/main/docs/reference/adventureworks/README.md#pre-requisites

I already assigned the "Owner" role under the tenant root group and elevated the access for a global administrator.

What else can I check for me to create this enterprise-scale landing zone using the link in GitHub?

Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.

1 answer

  1. Marilee Turscak-MSFT 20,671 Reputation points Microsoft Employee
    2021-04-21T22:46:29.15+00:00

    As you said, the Owner role should be enough. So the issue is likely one of these problems:

    1. You are authenticated under a different user than the one that is trying to create a landing zone.
    2. You are deploying to the wrong resource group.
    3. You are deploying to the wrong subscription. (You can use "Get-AzContext" to check for this.)

    (See related SO thread.)

    See also: https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/error-register-resource-provider
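
The checks listed in the answer, as an added PowerShell example that is not part of the original thread: it prints the signed-in context, then lists the role assignments that the object id from the error holds at the root scope `/` and tests whether they allow the failing action. It assumes the Az PowerShell module with an active `Connect-AzAccount` session, and that the deployment runs at tenant scope, as the scope string in the error suggests.

```powershell
# Added diagnostic example; needs the Az.Accounts and Az.Resources modules
# and an existing Connect-AzAccount session.
$objectId = '95edad87-fef0-4045-b2c1-8105dc5d8716'   # object id quoted in the error
$action   = 'Microsoft.Resources/deployments/validate/action'

# 1. Which account, tenant and subscription is this session using?
$ctx = Get-AzContext
if (-not $ctx) { throw 'No Azure context. Run Connect-AzAccount first.' }
[pscustomobject]@{
    Account      = $ctx.Account.Id
    Tenant       = $ctx.Tenant.Id
    Subscription = $ctx.Subscription.Name
} | Format-List

# 2. Assignments the failing principal holds directly at the root scope "/".
#    Assumption: a deployment scoped to '/providers/Microsoft.Resources/...'
#    is evaluated at tenant scope, so an assignment at "/" is what matters.
$atRoot = @(Get-AzRoleAssignment -ObjectId $objectId |
    Where-Object { $_.Scope -eq '/' })

if ($atRoot.Count -eq 0) {
    Write-Warning "Object $objectId has no role assignment at scope '/'."
}

# 3. For each assignment, does the role definition allow the failing action?
$report = foreach ($a in $atRoot) {
    $role  = Get-AzRoleDefinition -Id $a.RoleDefinitionId
    $allow = @($role.Actions    | Where-Object { $action -like $_ }).Count -gt 0
    $deny  = @($role.NotActions | Where-Object { $action -like $_ }).Count -gt 0
    [pscustomobject]@{
        Role         = $a.RoleDefinitionName
        Scope        = $a.Scope
        AllowsAction = ($allow -and -not $deny)
    }
}
$report | Format-Table -AutoSize
```

If the account shown in step 1 is not the one that owns the object id in the error, the session is signed in as a different user, which is the first cause the answer lists.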
