5

What I'm doing:

My machine learning developer is trying to manually provision a ML Workspace in Azure.

Error:

{"message":"The client 'name@company.com' with object id 'xxxxxxx-xxxxxx-xxxxx-xxxxxxetc.' does not have authorization to perform action 'Microsoft.MachineLearningServices/register/action' over scope '/subscriptions/'xxxxxxx-xxxxxx-xxxxx-xxxxxxetc.'' or the scope is invalid. If access was recently granted, please refresh your credentials. (Code: AuthorizationFailed)"}

What I've tried:

I see two existing discussions on this error from azure here and here. In both cases the users are using a service account with an API, and the gist of the solutions offered are to grant the service account the proper role assignments in access control. In my case, however, the user is trying to create the resource manually via the portal, and the user already has 'owner' role over the resource group. What more could I grant them? How does she refresh her credentials? Any pointers? THANKS!

208_man
  • 1,440
  • 3
  • 28
  • 59

1 Answers1

0

Definitely looks like a permission issue. spitball ideas, maybe you also have to add the account to the subscription??

edit:

definitely seems like a bug! https://github.com/MicrosoftDocs/azure-docs/issues/61114#issuecomment-677703149

Anders Swanson
  • 3,637
  • 1
  • 18
  • 43
  • 1
    Thank you @anders_swanson. We only give users owner permissions at the resource group level. This almost seems like a bug. – 208_man Aug 18 '20 at 20:30
  • Created this issue w/ documentation team to get some answers. https://github.com/MicrosoftDocs/azure-docs/issues/61114 – Anders Swanson Aug 18 '20 at 21:20
  • 1
    Thank you @anders_swanson. That's awesome. I've also emailed microsoft support. I'll share back here if I get an answer. – 208_man Aug 18 '20 at 21:39