具有对象ID xxx的客户端xxx没有权限执行Microsoft.Resources/subscriptions/resourcegroups/write'作用域 [英] The client xxx with object id xxx does not have authorization to perform action Microsoft.Resources/subscriptions/resourcegroups/write' over scope

问题描述

我正在尝试使用Azure Management SDK动态创建资源组 这是我的azure配置详细信息

I am trying to create a Resource Group dynamically using Azure Management SDK Here are my azure configuration details

subscription=<private-data>
client=<private-data>
key=<private-data>
tenant=<private-data>
managementURI=https://management.core.windows.net/
baseURL=https://management.azure.com/
authURL=https://login.windows.net/
graphURL=https://graph.windows.net/

这是用于创建资源的代码

Here is code for creating Resource

// Credentials
AzureCredentials credentials = new AzureCredentialsFactory()
    .FromFile("azureauth.properties");
string resourceName = GetRandomString();

// Create Azure Instance
var azure = Azure
        .Configure()
        .Authenticate(credentials)
        .WithDefaultSubscription();

// Create a Resource Group
azure.ResourceGroups
        .Define(resourceName)
        .WithRegion(Region.USWest)
        .Create();

我得到的错误是:

具有对象ID的客户端'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac'没有授权 采取行动 范围上的"Microsoft.Resources/subscriptions/resourcegroups/write" '/subscriptions/e9d61100-a82a-48ca-b6f8-51b06a1eebe6/resourcegroups/5oxjhjic'.

The client 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' with object id 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/e9d61100-a82a-48ca-b6f8-51b06a1eebe6/resourcegroups/5oxjhjic'.

我已按照 https://docs.microsoft.com/zh-cn/azure/azure-resource-manager/resource-group-create-service-principal-portal
我正在尝试使用我的 Global Administrator 帐户

I have followed steps specified on https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal
As well as I am trying with my Global Administrator account

推荐答案

您显然不能与全局管理员一起尝试.您需要订阅并授予objectid'ae8bc2ea-9680-4f66-934c-ad40b82c30ac'贡献者权限(简便方法)或创建满足您需要的自定义角色(或数字预定义角色).

you cant be trying with global administrator, obviously. you need to go to you subscription and grant objectid 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' contributor permissions (easy way) or create a custom role (or figure predefined role) that meets your needs.

您可以使用门户网站执行此操作或使用Azure Powershell:

you can use portal to do that or azure powershell:

New-AzRoleAssignment -ObjectId 'ae8bc2ea-9680-4f66-934c-ad40b82c30ac' -Scope '/subscriptions/e9d61100-a82a-48ca-b6f8-51b06a1eebe6' -RoleDefinitionName contributor

等效的Azure CLI命令是:

the equivalent Azure CLI command is:

az role assignment create --assignee-object-id ae8bc2ea-9680-4f66-934c-ad40b82c30ac --scope subscriptions/e9d61100-a82a-48ca-b6f8-51b06a1eebe6 --role contributor

这篇关于具有对象ID xxx的客户端xxx没有权限执行Microsoft.Resources/subscriptions/resourcegroups/write'作用域的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！