0
votes

I want to add cloud endpoints to the Azure Sync group. My role is a contributor to EA.

There is an error message:

"cloud endpoint creation failed" when I add the cloud endpoint in Azure Sync group.

Cloud endpoint '*****'

Code: 'AuthorizationFailed'

Details:

The client '' with object id '*' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/**/resourceGroups/DefaultResourceGroup/providers/Microsoft.Storage/storageAccounts/***storage/providers/Microsoft.Authorization/roleAssignments/****'.


2 Answers

1
votes

The error clearly indicates that your role does not have permissions for role assignments. A Contributor role has all the permissions of an Owner role except the permission to assign roles.

To solve this problem, you can:

  • Either make yourself an Owner on the subscription or at the resource level (storage account in your case).
  • Create a custom role using Contributor role as a template and add RoleAssignment capability to that role. You can then ask an owner to assign you that role.
1
votes

The other reply is basically correct, but one point is not: besides the permission to assign roles, the Contributor role also has other actions that it is not able to perform, such as Delete roles and role assignments, Create or update any blueprint artifacts, and Delete any blueprint artifacts.

For more details, you could refer to NotActions in this link.


To fix the issue, as mentioned,

  • Just perform the action with an Owner role at the scope of the subscription or storage account.

  • Have a custom role with the Microsoft.Authorization/roleAssignments/write permission assigned to you; you could refer to this link for more details about custom roles.
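
The following is an added example, not part of either answer: a small Python model of how Actions and NotActions combine across role assignments, showing why Contributor alone fails on `Microsoft.Authorization/roleAssignments/write` and why a narrow custom role scoped to the storage account is enough. The role definitions are abridged assumptions, `ROLE_ASSIGNER` is a hypothetical custom role, the subscription ID and storage account names are constructed placeholders, and deny assignments and DataActions are not modelled.

```python
from fnmatch import fnmatchcase

# Assumption: abridged built-in definitions; confirm the live NotActions with
# `az role definition list --name Contributor`.
CONTRIBUTOR = {"Actions": ["*"], "NotActions": [
    "Microsoft.Authorization/*/Delete",
    "Microsoft.Authorization/*/Write",
    "Microsoft.Authorization/elevateAccess/Action",
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Blueprint/blueprintAssignments/delete",
]}
OWNER = {"Actions": ["*"], "NotActions": []}
# Hypothetical custom role: only the action named in the error message.
ROLE_ASSIGNER = {"Actions": ["Microsoft.Authorization/roleAssignments/write"],
                 "NotActions": []}

# Constructed scopes (placeholder subscription ID and storage account names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
STORAGE = (SUB + "/resourceGroups/DefaultResourceGroup/providers"
           "/Microsoft.Storage/storageAccounts/examplestorage")
OTHER_STORAGE = STORAGE.replace("examplestorage", "otherstorage")
WRITE_ASSIGNMENT = "Microsoft.Authorization/roleAssignments/write"


def _matches(action, patterns):
    """Case-insensitive wildcard match of one action against role patterns."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def role_allows(role, action):
    """A role grants Actions minus NotActions."""
    return _matches(action, role["Actions"]) and not _matches(action, role["NotActions"])


def scope_applies(assigned_at, resource):
    """Assignments are inherited by everything below the assigned scope."""
    a, r = assigned_at.rstrip("/").lower(), resource.rstrip("/").lower()
    return r == a or r.startswith(a + "/")


def is_authorized(assignments, action, resource):
    """assignments: list of (role, scope). Any one applicable grant is enough,
    so NotActions in one role does not block a grant from another role."""
    return any(scope_applies(scope, resource) and role_allows(role, action)
               for role, scope in assignments)


if __name__ == "__main__":
    print(is_authorized([(CONTRIBUTOR, SUB)], WRITE_ASSIGNMENT, STORAGE))  # asker's case
    print(is_authorized([(CONTRIBUTOR, SUB), (ROLE_ASSIGNER, STORAGE)],
                        WRITE_ASSIGNMENT, STORAGE))
```

A principal holding `roleAssignments/write` at a scope can assign any role there, Owner included, so the narrower the scope of that grant, the smaller the escalation path it opens.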