This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 39%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Hello,
I created a Lighthouse offer with Reader, Virtual Machine Contributor as well as other related Contributor roles and Delete Offer roles (see below). After onboarding, when I attempt to create new Virtual Machine via the Provider tennant, I get a permission error like so:
What exactly am I missing? The Service Provider user account is in the group that was associated in the offer, it is also the administrator. So it must be a Role I am missing? My goal is to build an offer that will allow full VM management. Thanks.
These are the roles, I think I might need also to add some Storage and Networking roles:
[
{
"principalId": "67e78b19-6609-4ca8-aaf2-f0a26626ea05",
"roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
"principalIdDisplayName": "Read Any Resource"
},
{
"principalId": "67e78b19-6609-4ca8-aaf2-f0a26626ea05",
"roleDefinitionId": "91c1777a-f3dc-4fae-b103-61d183457e46",
"principalIdDisplayName": "Unregister MSP"
},
{
"principalId": "67e78b19-6609-4ca8-aaf2-f0a26626ea05",
"roleDefinitionId": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"principalIdDisplayName": "Manage Virtual Machines"
},
{
"principalId": "67e78b19-6609-4ca8-aaf2-f0a26626ea05",
"roleDefinitionId": "4d97b98b-1d4f-4787-a291-c67834d212e7",
"principalIdDisplayName": "Manage Networks"
},
{
"principalId": "67e78b19-6609-4ca8-aaf2-f0a26626ea05",
"roleDefinitionId": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
"principalIdDisplayName": "Manage CDN profiles"
},
{
"principalId": "67e78b19-6609-4ca8-aaf2-f0a26626ea05",
"roleDefinitionId": "befefa01-2a29-4197-83a8-272ff33ce314",
"principalIdDisplayName": "Manage DNS Zones"
},
{
"principalId": "67e78b19-6609-4ca8-aaf2-f0a26626ea05",
"roleDefinitionId": "5e467623-bb1f-42f4-a55d-6e525e11384b",
"principalIdDisplayName": "Manage Storage Backups"
},
{
"principalId": "67e78b19-6609-4ca8-aaf2-f0a26626ea05",
"roleDefinitionId": "add466c9-e687-43fc-8d98-dfcf8d720be5",
"principalIdDisplayName": "Manage Data Box Service"
},
{
"principalId": "67e78b19-6609-4ca8-aaf2-f0a26626ea05",
"roleDefinitionId": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
"principalIdDisplayName": "Manage Storage Account"
},
{
"principalId": "67e78b19-6609-4ca8-aaf2-f0a26626ea05",
"roleDefinitionId": "e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1",
"principalIdDisplayName": "Manage Storage Backup Account"
}
]
Hi @lzap
Did you register the resource provider for the subscription? like example:
You can also create a specific role for all users, to register a resource provider
Get in touch if you need more help with this issue.
--please don't forget to "[Accept the answer]" if the reply is helpful--
I see it registered, but I tried to create a Virtual Machine under the Customer tenant directly first, it may have registered necessary providers automatically because after that, it just works.
Thanks :)