Tag: security


Can’t Create Resources in Resource Group


I created a resource group and gave my colleague the contributor access to the resources group.

Then he was going to deploy Logic App, but got an error that he does not have access and is not authorized. So he tried to deploy a VM, same issue.
I deployed Logic App for him (not problem).

The error he gets looks like this:
Resource creation fails with the error which looks like below- Registering the resource providers has failed. Additional details from the underlying API that might be helpful: ‘AuthorizationFailed’ – The client xxx@xxx.com’ with object id ‘af648edh-5336-sf55-ff2f-14873afdc259’ does not have authorization to perform action ‘Microsoft.Compute/register/action’ over scope ‘/subscriptions/245455vgd4-34gg-afe4-975f-3345gdgs34s’. (Code: AuthorizationFailed)

Hmmmm….. What’s going on here?

With the contributor access to a resource group, you can create a resource e.g. a VM or Logic App. What went wrong here if we look at the error message and focus on ‘Microsoft.Compute/register/action’ over scope ‘/subscriptions/245455vgd4-34gg-afe4-975f-3345gdgs34s’. is that he is not authorized to create a resource, it is the authorization error to register a resource provider. So how do we solve it?

Well after a bit of Googling if found a solution that worked for me,

  • ​Log into Azure with an identity which has a subscription level access to register a resource provider e.g. admin/owner.
  •  Using PowerShell (PoSh) register the resource providers you need at the subscription level. You can also see which providers are available and registered already.

Open Powershell and enter the following:

– Login-AzureRmAccount

#List out all Subscriptions you have access to
– Get-AzureRmSubscription

– $subscriptionId= “<Subscription Id>”

– Select-AzureRmSubscription -SubscriptionId $subscriptionId

 
#List all available providers and register them
– Get-AzureRmResourceProvider -ListAvailable | Register-AzureRmResourceProvider -Force​​
*****UPDATE****
with the “new” AZ Module, you can now run this command:
Get-AzResourceProvider -ListAvailable | Register-AzResourceProvider