Share →
Buffer

Resolving ‘AuthorizationFailed’ – The client does not have authorization to perform action ‘Microsoft.Storage/register/action’ over scope

At the office, we’re in the process of moving resources (storage accounts, VMs, etc.) from one Azure subscription to another brand-new Azure subscription. We created a resource group on the destination Azure subscription and set up granular security permissions with the built-in roles. I’ve been given Contributor permissions for a specific resource group, KnowledgeLibrary-DevTest, so I can create and delete resources but not manage security for the resource group.

I tried to create a storage account in this new Azure subscription, but received a validation error:

‘AuthorizationFailed’ – The client {my email address}’ with object id ‘…’ does not have authorization to perform action ‘Microsoft.Storage/register/action’ over scope ‘/subscriptions/{subscription id}’. (Code: AuthorizationFailed) (Code: 8)

sachiblogWe were a little puzzled by this error because the documentation states that contributors in resource groups have permission to create and delete any resource in those resource groups. Luckily, StackOverflow helped us figure out what was going on in the background.

Although the Contributor role allows you to create resources, if the Azure subscription that you are using is brand new, the subscription may not be initially registered with resource providers which only a Subscription Administrator can perform. When a Subscription Admin creates resources through the

portal or command-line, a special action happens that creates and registers the resource provider, so if the admin deletes the resource afterwards, the contributor can still create the same type of resource since it was registered when the admin created the resource. If nothing has been created in the subscription before, the error that we ran into is the one that you’ll see.

This means that when we got that error, we didn’t have any resource providers registered. There wasn’t too much documentation out there, so that’s where this post comes in. If you get that error like we have if you have a new Azure subscription or users can’t create certain types of resources, you’ll need to register those resources through the REST API, Azure CLI, or PowerShell. See this Azure documentation link for grabbing the commands or links to register resources.

We wanted to go through PowerShell to register all of the resources, so here’s the code that you can use that will loop through all of the available resource providers and register them. Your Subscription Admin will have to run these commands.

First, let’s log in:

Login-AzureRm

Second, if you have more than one subscription under your account, then you will want to set the current subscription to be the one you want:

#Shows all of the subscriptions for your account

Get-AzureRmSubscription

#Set the current subscription

Get-AzureRmSubscription -SubscriptionName “KnowledgeLibrary-DevTest” | Set-AzureRmContext

Last, we’ll loop through all of the available provider namespaces and register them. When it runs, it will show the new resource providers as “Registering,” and it will take a little time for them to finish.

Get-AzureRmResourceProvider -ListAvailable | Select-Object ProviderNamespace | Foreach-Object { Register-AzureRmResourceProvider -ProviderName $_.ProviderNamespace -Force }

And that’s it! If you find yourself scratching your head why that error above pops up, check to make sure that the resource providers are registered and if not, run some PowerShell/REST API/CLI commands and you should be up and running quickly.

Print Friendly
Tagged with →  
  • rudrayya nm

    I also faced the similar issue, it helped me to understand the problem thank you.

  • rudrayya nm

    I have contacted the Microsoft team for the same issue, and they are still working on it.
    But from this post it is very clear and precise solution i have got it.

    Thanks
    Rudra

  • Alejandro B. Martin

    where are the links ? pics ?? disspeared, useless with the required info