“Insufficient privileges to complete the operation.” in Azure

2
votes

My situation is as follows: I want to create an Azure service principal. But when I try to do it with this command az ad sp create-for-rbac, I always get the error "Insufficient privileges to complete the operation."

Am I correct in assuming this appears because I was invited by a regular user to this subscription?

And in order to expand my privileges do I need to be assigned the administrator role in this subscription?

2
azureazure-active-directoryservice-principal

2 Answers

1
votes

You're probably not a User Access Administrator since this is a role that needs to be set quite explicitly.

In the end, the reason is quite simple: you have "Insufficient privileges to complete the operation". You can read up on and try to Understand role definitions for Azure resources here.

1
votes

az ad sp create-for-rbac requires permissions in the subscription / a resource group (Owner or User access administrator role to be specific), and in addition requires permissions in the linked Azure Active Directory to register applications (as the command creates an app registration).