----------
@Pramod Valavala nope, my site doesn't have network restrictions. Network access restrictions are indeed disabled due to the use of Private Endpoint. However, I found the SCM site is suddenly working again after a few days.
In general, if I got an Authorization Error, is there any mechanism to see these access denial logs?
For example, a log entry give a more detailed reason why a user is rejected.
For Storage Account, I can enable the diagnostic setting and see the Access log (accept / denied) via Log Analytiscs.
Are there any similar things for the App Service SCM site?