Does not have authorization when deploying enterprise-scale landing zone via github

Question

I am getting this error when I tried to create a landing zone on my tenant.

The client 'live.com#itsmeemp1ror@Stuff .com' with object id '95edad87-fef0-4045-b2c1-8105dc5d8716' does not have authorization to perform action 'Microsoft.Resources/deployments/validate/action' over scope '/providers/Microsoft.Resources/deployments/NoMarketplace-20210419125003' or the scope is invalid. If access was recently granted, please refresh your credentials. (Code: AuthorizationFailed)

This is the link that I am using for creating the landing zone:
https://github.com/Azure/Enterprise-Scale/blob/main/docs/reference/adventureworks/README.md#pre-requisites

I already assigned "owner" role under tenant root group and elevated the access for a global administrator.

What else can I check for me to create this enterprise-scale landing zone using the link in github?

Answer 1

As you said, the Owner role should be enough. So the issue is likely one of these problems:

1. You are authenticated under a different user than the one that is trying to create a landing zone.
2. You are deploying to the wrong resource group.
3. You are deploying to the wrong subscription. (You can use "Get-AzContext" to check for this.)

(See related SO thread.)

See also: https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/error-register-resource-provider

Answer 2

This article solved it to me

https://luke.geek.nz/azure/you-don-t-have-authorization-to-perform-action-microsoft.resources-deployments-validate-action/