Azure giving subscription level resource group access to application

0
votes

I created a application in active directory and gave access to it at the resource group level and I am able to access the resources inside the resource group. But I don't see any option in preview portal to give access to the application at the subscription level.

When I am running the following code

ResourceManagementClient client =
testMain.createResourceManagementClient();
ResourceGroupOperations gpoperations = client.getResourceGroupsOperations();
ResourceGroup gp1 = new ResourceGroup("West US");
ResourceGroupCreateOrUpdateResult res = gpoperations.createOrUpdate("test123", gp1);
System.out.println("Resource group creation result" + res.getRequestId()+res.toString());

I am getting the following exception

Exception in thread "main" com.microsoft.windowsazure.exception.ServiceException: AuthorizationFailed: The client '2e027029-1019-46dc-b540-cbfe4a761647' with object id '2e027029-1019-46dc-b540-cbfe4a761647' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/88335ad5-6fe2-4532-b3d5-1af946310f85/resourcegroups/test123'. at com.microsoft.windowsazure.exception.ServiceException.createFromJson(ServiceException.java:292) at com.microsoft.azure.management.resources.ResourceGroupOperationsImpl.createOrUpdate(ResourceGroupOperationsImpl.java:495) at com.mycompany.resourcegroup.testMain.main(testMain.java:70)

How can i give access to the application, so that it can create and manage any resource group in my subscription ?

1
javaazureazure-resource-manager
I should have responded to your comment in your other question from a few days ago (sorry about that). The screenshot I included in my answer (stackoverflow.com/questions/33313950/…) is assigning permission to an application on a subscription. You would need to assign "Contributor" role to the application. Once you do that, your application should be able to create resource groups in your Azure subscription. HTH.Gaurav Mantri
For your Java code, please refer to the offical sample code github.com/Azure/azure-sdk-for-java/blob/master/… and follow the doc of authenticating an Azure Resource Request msdn.microsoft.com/en-us/library/azure/dn790557.aspx#bk_portal.Peter Pan
Thanks, I was able to locate the option to give subscription level priviege in the preview portal and the resource group creation worked fine with it.Squid

1 Answers

0
votes
  1. GO to your Azure Active Directory
  2. Click on Groups
  3. Click “+ New Group”
  4. Select the group type “Security”
  5. Enter group name (any name you want)
  6. Select Membership type “Assigned”
  7. In the owner select the owner of the application
  8. In the members select the application that you created/registered in the active directory.
  9. Now you are able to create your resources directly from your java client.