0
votes

I keep getting the below error when I try to save and train my Azure Monitor, which will act as a data source for my dashboard in Grafana.

  1. Azure Monitor: Forbidden: AuthorizationFailed. The client '----------' with object id '----------' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourceGroups/read' over scope '/subscriptions/--------'.

I have entered my subscription ID, Tenant ID, and Client ID, as well as my Client secret. But for some reason I keep getting this error.

Any help with this would be much appreciated!

1
The error clearly indicates that you don't have permission to list the resource groups. You will need to contact your Azure administrator to grant proper permissions. – Gaurav Mantri
Any update on this issue? – Joy Wang-MSFT

1 Answer

0
votes

The error means your service principal (AD App) does not have the permission `Microsoft.Resources/subscriptions/resourceGroups/read` on the scope.

To fix the issue, navigate to the subscription or the specific scope in the portal -> Access control (IAM) -> Add -> Add role assignment -> search for your service principal by name and add it as a role (e.g. Owner/Reader) -> Save.

Or, if you don't want to add your service principal as a built-in role, you can create a custom role with the permissions you need, then add the service principal as a custom role in the resource (scope).

For more details, you could refer to this link. To learn more about Azure role-based access control (RBAC), see here.
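
An added example, not part of the original answer: a small offline check that parses the `AuthorizationFailed` message and reports which role assignments would grant the denied action, so a narrow role can be chosen over Owner. The sample error, the placeholder IDs, the two custom roles marked hypothetical and the simplified scope rule are assumptions.

```python
import re
from fnmatch import fnmatchcase

# Pulls the denied action and scope out of an AuthorizationFailed message.
ERR_RE = re.compile(r"perform action '([^']+)' over scope '([^']+)'")

# Constructed sample in the format of the error above; IDs are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_ERROR = ("Azure Monitor: Forbidden: AuthorizationFailed. The client 'CLIENT' "
                "with object id 'OBJECT' does not have authorization to perform action "
                "'Microsoft.Resources/subscriptions/resourceGroups/read' "
                f"over scope '{SUB}'.")

# role name -> (Actions, NotActions). Owner and Reader carry the built-in
# roles' Actions; the "(custom)" entries are hypothetical custom roles.
ROLES = {
    "Owner": (["*"], []),
    "Reader": (["*/read"], []),
    "RG list only (custom)":
        (["Microsoft.Resources/subscriptions/resourceGroups/read"], []),
    "Reader minus Resources (custom)": (["*/read"], ["Microsoft.Resources/*"]),
}

def parse_error(msg):
    m = ERR_RE.search(msg)
    if m is None:
        raise ValueError("no action/scope found in message")
    return m.group(1), m.group(2)

def matches(action, patterns):
    # Action strings are compared case-insensitively; '*' is a wildcard.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def role_allows(role, action):
    actions, not_actions = ROLES[role]
    return matches(action, actions) and not matches(action, not_actions)

def scope_covers(assigned, requested):
    # Simplification: an assignment applies at its own scope and below it.
    a, r = assigned.rstrip("/").lower(), requested.rstrip("/").lower()
    return r == a or r.startswith(a + "/")

def fixes(assignments, msg):
    """Return the (role, scope) pairs that would grant the denied action."""
    action, scope = parse_error(msg)
    return [(r, s) for r, s in assignments
            if role_allows(r, action) and scope_covers(s, scope)]
```
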