0
votes

I am trying to create a SQL connector with details within my ARM Template and deploying through DevOps using ARM template deployment.

My current subscription would like to access our generic subscription so I can add the credentials to the on-premise data gateway connectivity to a SQL Server on-prem.

{
    "type": "Microsoft.Web/connections",
    "apiVersion": "2016-06-01",
    "name": "[parameters('connections_sql_winauth_name')]",
    "location": "northeurope",
    "kind": "V1",
    "properties": {
        "displayName": "winauth-cn",
        "customParameterValues": {},
        "parameterValues": {
            "server": "[parameters('bi_server_name')]",
            "database": "{dB}",
            "authType": "Windows Authentication",
            "username": "{username}",
            "password": "{password}",
            "gateway": {
                "id": "/subscriptions/{different subscription}/resourceGroups/{resourceGroup}/providers/Microsoft.Web/connectionGateways/{data gateway-resource-name}"
            }
        },
        "api": {
            "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/northeurope/managedApis/sql')]"
        }
    }
},

When I try to run the deployment pipeline, I receive the following error:

2021-01-26T16:49:37.7344633Z ##[error]LinkedAuthorizationFailed: The client 'x' with object id 'y' has permission to perform action 'Microsoft.Web/connections/write' on scope '/subscriptions/{current subscription}/resourcegroups/{mainResourceGroup}/providers/Microsoft.Web/connections/sql-02'; however, it does not have permission to perform action 'Microsoft.Web/connectionGateways/associate/action' on the linked scope(s) '/subscriptions/{differentSubscription}/resourceGroups/{resourceGroup}/providers/Microsoft.Web/connectionGateways/{data gateway-resource-name}' or the linked scope(s) are invalid.

Does anyone have any idea how I can deploy with success? I know this is possible within the portal, but in the portal I am struggling with applying the credentials on the renamed API-connection I have created.


1 Answer

1
votes

The error code is LinkedAuthorizationFailed. According to the doc, we need to check if your account belongs to the same tenant as the resource group that you're deploying to.

And the detailed error message is: it does not have permission to perform action 'Microsoft.Web/connectionGateways/associate/action' on the linked scope(s). We need to check if the role has enough permissions; refer to this doc for more details.
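
The permission check described above can be made concrete. This is an added example, not code from the question or the answer: it parses the LinkedAuthorizationFailed message and builds a custom role definition that carries only the missing action, so the deployment identity gets nothing more on the gateway's subscription. The role name is hypothetical, the comma-separated form for multiple linked scopes is an assumption, and the JSON follows the usual Azure custom role definition layout.

```python
import json
import re

# Constructed sample: the error text from the question, placeholders kept as posted.
SAMPLE_ERROR = (
    "LinkedAuthorizationFailed: The client 'x' with object id 'y' has permission to "
    "perform action 'Microsoft.Web/connections/write' on scope '/subscriptions/"
    "{current subscription}/resourcegroups/{mainResourceGroup}/providers/Microsoft.Web/"
    "connections/sql-02'; however, it does not have permission to perform action "
    "'Microsoft.Web/connectionGateways/associate/action' on the linked scope(s) "
    "'/subscriptions/{differentSubscription}/resourceGroups/{resourceGroup}/providers/"
    "Microsoft.Web/connectionGateways/{data gateway-resource-name}' or the linked scope(s) are invalid."
)

# Assumption: several linked scopes, if present, are comma-separated inside the quotes.
PATTERN = re.compile(
    r"object id '(?P<oid>[^']+)'.*?"
    r"does not have permission to perform action '(?P<action>[^']+)' "
    r"on the linked scope\(s\) '(?P<scopes>[^']+)'",
    re.S,
)

def parse_linked_auth_error(message):
    """Return principal, missing action and linked scopes, or None for other errors."""
    m = PATTERN.search(message) if "LinkedAuthorizationFailed" in message else None
    if m is None:
        return None
    scopes = [s.strip() for s in m.group("scopes").split(",") if s.strip()]
    return {"object_id": m.group("oid"), "action": m.group("action"), "scopes": scopes}

def least_privilege_role(finding, role_name="Gateway Associate (example)"):
    """Build a custom role definition that grants only the missing action."""
    # The role is offered only in the resource groups that hold the linked resources.
    groups = sorted({s.split("/providers/")[0] for s in finding["scopes"]})
    return {
        "Name": role_name,  # hypothetical name
        "Description": "Associate API connections with the data gateway only.",
        "Actions": [finding["action"]],
        "NotActions": [],
        "AssignableScopes": groups,
    }

if __name__ == "__main__":
    finding = parse_linked_auth_error(SAMPLE_ERROR)
    print(json.dumps(least_privilege_role(finding), indent=2))
    for scope in finding["scopes"]:
        print("assign to object id", finding["object_id"], "at scope", scope)
```

Assigning the role at the gateway resource scope printed on the last line, rather than at the subscription, keeps the pipeline's service principal from gaining rights over other resources in the second subscription.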