Share via

when iam trying to create a azure sql database iam getting validation failed.

AFREEN SHAIK 1 Reputation point
2022-08-25T15:31:50.233+00:00

234899-azureportal.jpg

raw error:
{"code":"InvalidTemplateDeployment","message":"The template deployment failed because of policy violation. Please see details for more information.","details":[{"code":"RequestDisallowedByPolicy","target":"employe","message":"Resource 'employe' was disallowed by policy. (Code: RequestDisallowedByPolicy)","additionalInfo":[{"type":"PolicyViolation","info":{"evaluationDetails":{"evaluatedExpressions":[{"result":"True","expressionKind":"Field","expression":"type","path":"type","expressionValue":"Microsoft.Sql/servers/databases","targetValue":"Microsoft.Sql/servers/databases","operator":"Equals"},{"result":"False","expressionKind":"Field","expression":"Microsoft.Sql/servers/databases/sku.tier","path":"sku.tier","expressionValue":"GeneralPurpose","targetValue":["DataWarehouse","Basic"],"operator":"In"}]},"policyDefinitionId":"/subscriptions/561467BD-1CF3-498D-9054-5DC9561A7A2A/providers/Microsoft.Authorization/policyDefinitions/AzureB2C_AllowSQLDWHGen2","policySetDefinitionId":"/subscriptions/561467BD-1CF3-498D-9054-5DC9561A7A2A/providers/Microsoft.Authorization/policySetDefinitions/AzureB2C","policyDefinitionReferenceId":"9681175682564914452","policySetDefinitionName":"AzureB2C","policySetDefinitionDisplayName":"AzureB2C","policyDefinitionName":"AzureB2C_AllowSQLDWHGen2","policyDefinitionDisplayName":"AzureB2C_AllowSQLDWHGen2","policyDefinitionEffect":"deny","policyAssignmentId":"/subscriptions/561467BD-1CF3-498D-9054-5DC9561A7A2A/providers/Microsoft.Authorization/policyAssignments/0793525f-9ac5-4cdd-a76d-5b828e0a56d7","policyAssignmentName":"0793525f-9ac5-4cdd-a76d-5b828e0a56d7","policyAssignmentDisplayName":"AzureB2C","policyAssignmentScope":"/subscriptions/561467BD-1CF3-498D-9054-5DC9561A7A2A","policyAssignmentParameters":{}}}],"policyDetails":[{"isInitiative":true,"assignmentId":"/subscriptions/561467BD-1CF3-498D-9054-5DC9561A7A2A/providers/Microsoft.Authorization/policyAssignments/0793525f-9ac5-4cdd-a76d-5b828e0a56d7","assignmentName":"AzureB2C","auxDefinitions":[{"definitionName":"AzureB2C_AllowSQLDWHGen2","nonComplianceMessage":null}],"viewDetailsUri":"https://portal.azure.com#blade/Microsoft_Azure_Policy/EditAssignmentBladeV2/assignmentId/%2Fsubscriptions%2F561467BD-1CF3-498D-9054-5DC9561A7A2A%2Fproviders%2FMicrosoft.Authorization%2FpolicyAssignments%2F0793525f-9ac5-4cdd-a76d-5b828e0a56d7"}]}]}

Azure SQL Database
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alberto Morillo 35,401 Reputation points MVP Volunteer Moderator
    2022-08-25T16:24:20.887+00:00

    For security or compliance, your subscription administrators might assign policies that limit how resources are deployed. It seems your subscription administrators created a policy named that do not allow you to create a database. You can get more information about the policy your administrator(s) created by running below PowerShell script: 

    $subid = (Get-AzContext).Subscription.Id  
$defname = "AzureB2C_AllowSQLDWHGen2"  
(Get-AzPolicyDefinition -Id "/subscriptions/$subid/providers/Microsoft.Authorization/policyDefinitions") |  
  Where-Object -Property Name -EQ -Value $defname |  
    ConvertTo-Json -Depth 10

    To get even more information about the policy assignment you can also run the following PowerShell script: 

    $rg = Get-AzResourceGroup -Name "PutTheResourceGroupNameHere"  
$assignmentname = "AzureB2C_AllowSQLDWHGen2"  
Get-AzPolicyAssignment -Name $assignmentname -Scope $rg.ResourceId | ConvertTo-Json -Depth 5

    You can also contact the resource group administrators on your organization and ask them about that policy named AzureB2C_AllowSQLDWHGen2.

    0 comments
  2. Oury Ba-MSFT 21,126 Reputation points Microsoft Employee Moderator
    2022-08-26T17:14:46.453+00:00

    Hi @AFREEN SHAIK Thank you for posting your question on Microsoft Q&A and for using Azure services.

    As we understand the ask here, you are facing an issue "resource disallow by policy" when deploying an Azure SQL Database.

    As explained above by @Alberto Morillo your subscription administrators have to assign policies that limit how resources are deployed. For example, policies that prevent creating public IP addresses, network security groups, user-defined routes, or route tables.

    To resolve RequestDisallowedByPolicy errors, review the resource policies and determine how to deploy resources that comply with those policies. The error message displays the names of the policy definition and policy assignment.

    For more information, see the following articles:
    Tutorial: Create and manage policies to enforce compliance
    Azure Policy built-in policy definitions

    Regards,
    Oury

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.