Deploy Azure function with contributor account permission

0
votes

I am working on a Azure environnent for a client, my account is set as "contributor".

  1. Somehow I cannot use the Azure build in console, I need to create a storage account but when I do so or when I use an existing one, I get the error : "Storage creation failed. Error: 403. does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read'"

  2. Then I tried to deploy using serverless, but then again I am facing the error: "does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write'"

My questions are:

  1. Which permission do I need to either use the console to deploy or deploy via serveless with a contributor account?

  2. Is there any other way to deploy a function with my current account?

1
azureazure-functionsserverless-plugins
It looks like you have contributor permission on a single resource group instead of on the whole subscription. Can you confirm that? If that's the case, then you can ask "Reader" permission on the entire subscription.Gaurav Mantri

1 Answers

0
votes

To add and remove role assignments, you must have:

Microsoft.Authorization/roleAssignments/write and Microsoft.Authorization/roleAssignments/delete permissions, such as User Access Administrator or Owner

To Manage resources in your Azure subscription you must have the minimum contributor access to the subscription.

To Manage resources within the resource group you must have contributor access to that particular resource group.

You can read more about RBAC and Built-in-roles in the following documents.