I am getting this error when I am trying to deploy the app using Azure CLI
kagoolastha23 opened this issue · comments
Describe the bug
Unable to deploy the app using Azure CLI
To Reproduce
Steps to reproduce the behavior:
- Go to 'readme_azd'
- See error
Getting this error when I am trying to deploy using Azure CLI
TraceID: 6ac*****************************
ERROR: error executing step command 'provision': deployment failed: failing invoking action 'provision', error deploying infrastructure: starting deployment to subscription: PUT https://management.azure.com/subscriptions/eb5**************************************/providers/Microsoft.Resources/deployments/sampleappenv-1712313672
RESPONSE 403: 403 Forbidden
ERROR CODE: AuthorizationFailed
{
"error": {
"code": "AuthorizationFailed",
"message": "The client 'email' with object id '5b3**********************' does not have authorization to perform action 'Microsoft.Resources/deployments/write' over scope '/subscriptions/eb5***************************/providers/Microsoft.Resources/deployments/sampleappenv-1712313672' or the scope is invalid. If access was recently granted, please refresh your credentials."
}
}
TraceID: 6ac*********************************************
Screenshots
Configuration: Please provide the following
- Azure OpenAI model name and version (e.g. 'gpt4-32k')
- Is chat history enabled? No
- Are you using data? If so, what data source? (e.g. Azure AI Search)
I got owner level access on Azure OpenAI service but it is still not working. Do I need owner level permission at the resource group level?
To run azd up, you need these permissions:
- Your Azure account must have Microsoft.Authorization/roleAssignments/write permissions, such as Role Based Access Control Administrator, User Access Administrator, or Owner. If you don't have subscription-level permissions, you must be granted RBAC for an existing resource group and deploy to that existing group.
- Your Azure account also needs Microsoft.Resources/deployments/write permissions on the subscription level.
To run azd up, you need these permissions:
- Your Azure account must have Microsoft.Authorization/roleAssignments/write permissions, such as Role Based Access Control Administrator, User Access Administrator, or Owner. If you don't have subscription-level permissions, you must be granted RBAC for an existing resource group and deploy to that existing group.
- Your Azure account also needs Microsoft.Resources/deployments/write permissions on the subscription level.
How to enable both the permission you mentioned?
I assume you're working at a company that has restricted your account's permissions. Typically then, your company would have an IT department that could grant you those permissions, using steps like the ones detailed here: https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-steps