![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 47%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVB%3C/text%3E%3C/svg%3E)
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
The error indicates that the signed-in account does not have a role with permission to create resource groups on that subscription.
To resolve this, the subscription owner or administrator must grant appropriate Azure RBAC permissions at the correct scope:
- Ask the subscription admin (often the university IT/teacher) to sign in to the Azure portal.
- Go to Subscriptions → select the subscription shown in the error.
- Select Access control (IAM) → Add → Add role assignment.
- Assign a role that includes
Microsoft.Resources/subscriptions/resourceGroups/write, for example Contributor or a custom role with resource group write permissions, to the student account. - Alternatively, they can assign a role at Resource group scope if they want to control which resource groups can be used.
If the account is a guest in the university tenant, ensure that the guest user is explicitly assigned a role on the subscription or resource group; otherwise authorization will fail.
If, after role assignment, the error persists, the admin should verify there are no ABAC conditions or custom roles restricting write actions, as described in the RBAC troubleshooting guidance.
References: