0
votes

After being invited to a client's Azure account and being granted the "Owner" role plus access to "Azure AD user, group, service principal", I am able to create App Services and import source from GitHub, but when I try to create a DevOps project to start actual work I get an error:

Following the link towards more details, I can see that it's about a permission issue, but if I re-check my permissions:

It says "Owner" but the scope is "This resource". Note that this info is under the single Subscription that my client created; however, if I click my name for a detailed view of my identity I see "Guest":

What would be the proper way to grant me global permissions on my client's Azure account?

Thanks!

1
probably need more permissions? :) – 4c74356b41
I've read the docs and it seems that this is the highest in RBAC (role-based access control). – Edmond Tamas
probably needs more Azure AD permissions, try with a global admin account. The error clearly suggests that. – 4c74356b41
Thanks, checking that. – Edmond Tamas

1 Answer

1
votes

If you create a project, it will automatically create an AD App named like organizationname-projectname-513f22f1-befd-xxxxxxcfe90f1 in the App registrations in your tenant.

To fix the issue, ask the global admin of your tenant to modify the user settings. Navigate to Azure Active Directory in the portal -> User settings -> set "Users can register applications" to Yes.

Then, in "Manage external collaboration settings", set "Guest users permissions are limited" to No.

Besides, if you can get an administrator role, then no matter what the settings are, you can create the app directly.
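
The three conditions named in the answer (the "Users can register applications" setting, the guest permission level, and an administrator role) can be evaluated against a tenant's authorization policy before anything is changed. The following is an added example, not part of the original answer: it assumes the Microsoft Graph authorizationPolicy fields `allowedToCreateApps` and `guestUserRoleId`, and the sample policy, users, role list and function names are constructed for illustration.

```python
import json

# guestUserRoleId values of the Graph authorizationPolicy resource (assumed from
# Microsoft's published role template IDs; verify before relying on them).
GUEST_AS_MEMBER = "a0b1b346-4d3e-4e8b-98f8-753987be4970"  # "limited" = No
GUEST_LIMITED = "10dae51f-b6af-4016-8d66-8c2a99b929b3"    # "limited" = Yes

# Directory roles assumed to allow app registration regardless of user settings.
APP_CREATOR_ROLES = {"Global Administrator", "Application Administrator",
                     "Cloud Application Administrator", "Application Developer"}

def can_register_apps(policy, user):
    """Return (allowed, reason). Azure RBAC roles such as a subscription
    Owner are deliberately not an input: they are not directory roles."""
    admin = APP_CREATOR_ROLES & set(user.get("directoryRoles", []))
    if admin:
        return True, "directory role: " + sorted(admin)[0]
    if not policy["defaultUserRolePermissions"]["allowedToCreateApps"]:
        return False, "Users can register applications = No"
    if user["userType"] == "Guest" and policy["guestUserRoleId"] != GUEST_AS_MEMBER:
        return False, "Guest users permissions are limited = Yes"
    return True, "default user permissions"

def tenant_wide_exposure(policy):
    """List what the current settings grant to every user, not just one guest."""
    out = []
    if policy["defaultUserRolePermissions"]["allowedToCreateApps"]:
        out.append("every member can register applications")
        if policy["guestUserRoleId"] == GUEST_AS_MEMBER:
            out.append("every guest can register applications")
    return out

# Constructed sample policy and users; not taken from a real tenant.
POLICY_BEFORE = json.loads("""{
  "guestUserRoleId": "10dae51f-b6af-4016-8d66-8c2a99b929b3",
  "defaultUserRolePermissions": {"allowedToCreateApps": true}
}""")
POLICY_AFTER = dict(POLICY_BEFORE, guestUserRoleId=GUEST_AS_MEMBER)
GUEST = {"userType": "Guest", "directoryRoles": []}
GUEST_WITH_ROLE = dict(GUEST, directoryRoles=["Application Developer"])

if __name__ == "__main__":
    for name, pol, usr in [("before", POLICY_BEFORE, GUEST),
                           ("after", POLICY_AFTER, GUEST),
                           ("role only", POLICY_BEFORE, GUEST_WITH_ROLE)]:
        print(name, can_register_apps(pol, usr), tenant_wide_exposure(pol))
```

The "role only" case unblocks the one guest without changing what every other guest in the tenant can do, which is the least-privilege reading of the answer's last sentence.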