Share via

"You don't have access to this" error message when attempting to access API Management Service admin developer portal

Stephen Meyer 0 Reputation points
2025-12-19T20:28:58.2833333+00:00

Seeing the error:

You don't have access to this Your sign-in was successful but you don't have permission to access this resource.

when accessing the api management service admin version of the developer portal through the button on the azure portal below. This occurs despite being logged in as the admin/creator of the resource, and having assigned roles with all of the permissions and scopes outlined here https://learn.microsoft.com/en-us/azure/api-management/developer-portal-faq#what-permissions-do-i-need-to-edit-the-developer-portal

Has anyone else encountered this? As a result I am unable to make any edits to the developer portal despite owning the resource

User's image

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Divyesh Govaerdhanan 10,250 Reputation points
    2025-12-20T15:42:56.1966667+00:00

    Hi Stephen Meyer,

    Welcome to Microsoft Q&A,

    This usually happens when the admin (edit) developer portal can’t generate an admin token because your signed-in identity is missing a specific APIM permission.

    Make sure your account has this action granted (at least): Microsoft.ApiManagement/service/users/token/action And it must be allowed within the scope of the APIM administrator user.

    https://docs.azure.cn/en-us/api-management/developer-portal-faq#what-permissions-do-i-need-to-edit-the-developer-portal

    You can use the following PowerShell script to create a role with the required permission. Remember to change the <subscription-id> parameter.

    #New Portals Admin Role 
Import-Module Az 
Connect-AzAccount -Environment AzureChinaCloud 
$contributorRole = Get-AzRoleDefinition "API Management Service Contributor" 
$customRole = $contributorRole 
$customRole.Id = $null
$customRole.Name = "APIM New Portal Admin" 
$customRole.Description = "This role gives the user ability to log in to the new Developer portal as administrator" 
$customRole.Actions = "Microsoft.ApiManagement/service/users/token/action" 
$customRole.IsCustom = $true 
$customRole.AssignableScopes.Clear() 
$customRole.AssignableScopes.Add('/subscriptions/<subscription-id>') 
New-AzRoleDefinition -Role $customRole

    Once the role is created, it can be granted to any user from the Access Control (IAM) section in the Azure portal. Assigning this role to a user will assign the permission at the service scope. The user will be able to generate SAS tokens on behalf of any user in the service. At the minimum, this role needs to be assigned to the administrator of the service. The following PowerShell command demonstrates how to assign the role to a user user1 at the lowest scope to avoid granting unnecessary permissions to the user:

    New-AzRoleAssignment -SignInName "******@contoso.com" -RoleDefinitionName "APIM New Portal Admin" -Scope "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.ApiManagement/service/<apim-service-name>/users/1"

    After the permissions have been granted to a user, the user must sign out and sign in again to the Azure portal for the new permissions to take effect.

    Please Upvote and accept the answer if it helps!!

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.