Trying to scale Azure SQL DB using MSI for identity not autharised to perform action

0
votes

I am creating my first app function using powershell in the Azure portal, It's just to scale a SQLDB on I have tried to use this tutorial as a guide. MSI example

I turned on MSI for the function and configured resources groups Giving the contributor role to the resource

When I run the function within the portal, I get the message doesn't have authorization to perform action. from this tutorial I believe this is all I had to do ? I have waited over a day to see if it's a timing issue, from the example I Have followed and this MS document managed identies for app service

I don't believe I need to add any secret key for this to work?

Function Error message

Setting the function MSI identity to on

Seeting the access control in

1
azureazure-managed-identity

1 Answers

0
votes

The service principal you are using doesn't have rights within that tenant.

Tenants have subscriptions and service principals belong to tenants. Azure resource manager also exposes role based authorization for a given principal, which would give it rights on Azure resources. It appears the service principal doesn't have rights to read from that subscription.

Go to portal and find your subscription, click on Access Control (IAM) and then click on Add role assignment with correspond service principal which you use to acquire token.

After you have given successful permission, refresh and try again.