2

I have a DevOps release pipeline pushing out (via CLI on a VM) to a dev resource group happily. When I add a stage pushing to an identical QA resource group I get the below.

ERROR: (AuthorizationFailed) The client '' with object id '' does not have authorization to perform action 'Microsoft.Web/sites/config/list/action' over scope '/subscriptions//resourceGroups//providers/Microsoft.Web/sites//config/publishingcredentials' or the scope is invalid. If access was recently granted, please refresh your credentials.

Is there a place I should be looking at first?

Robbie C
  • 51
  • 2
  • 11

1 Answers1

2

The error is due to the service principa(in azure devops, typically is 'service connection') doesn't have correct role/permission on the target resource.

  1. Please find your service connection in Project settings. enter image description here

  2. Click Manage Service Principal which will redirect you to the Application Registration of the Service Principal. All you need to do here is copy the name (the default format is <account>-<prject>-<GUID>).

  3. Go back and click Manage service connection roles which will redirect you to the IAM blade of the Azure Subscription. Here you need to assign a role to the service principal of which you copied the name of in the previous step. you can add it as subscription owner/contributor role on the target subscription simply.

You can check similar answer here.

wade zhou - MSFT
  • 1,397
  • 1
  • 3
  • 6