I am trying to create a storage account via Postman. I created a service principal via the Azure Portal and got an access token with the parameters below:

https://login.microsoftonline.com/mytenant_id/oauth2/v2.0/token
client_id='client_id'
&client_secret='client_secret'
&grant_type=client_credentials
&resource=https://management.azure.com

I tried to create the storage account using the generated access token with the query below:

PUT
https://management.azure.com/subscriptions/subscriptionid/resourceGroups/resourcegroupname/providers/Microsoft.Storage/storageAccounts/storageaccountname?api-version=2018-02-01

But I got an error like the one below:

{
"error": {
"code": "AuthorizationFailed",
"message": "The client 'XXXXXXXXXXXXXXXXXX' with object id 'XXX does not have authorization to perform action 'Microsoft.Storage/storageAccounts/read' over scope '/subscriptions/XXXXXXXXXXXXXXXXXX/resourceGroups/resource/providers/Microsoft.Storage/storageAccounts/account' or the scope is invalid. If access was recently granted, please refresh your credentials."
}
}

I am the Global Admin and have owner access at subscription level. Could anyone suggest what else is needed?

user3394

1 Answer

To resolve the error, try assigning the Storage Account Contributor role to the service principal at subscription level like below:

I tried to reproduce the same in my environment and got the same error when it didn't have the required permissions like below:

After granting the permissions, I was able to create the storage account successfully like below:

To confirm the above, I verified it in the Portal like below:

Reference:

How to create Azure Storage Account with REST API using Postman – A Turning Point (raaviblog.com)

Rukmini
  • Thanks, it worked after assigning that role! Still don't know why it is needed even though I have owner access:) – user3394 Jun 27 '22 at 04:34
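
The role assignment the answer makes in the Portal can also be made through the same management REST API; the token from the client-credentials flow identifies the service principal, so access is checked against that object id. The Python below is an added example, not code from the question or the answer: it reads the object id and scope out of an AuthorizationFailed body and builds the Microsoft.Authorization/roleAssignments PUT request. The sample error, its placeholder ids and the function names are constructed for illustration.

```python
import json
import re
import uuid

# Built-in role definition GUID for "Storage Account Contributor".
STORAGE_ACCOUNT_CONTRIBUTOR = "17d1049b-9a84-46fb-8f53-869881c3d3ab"

# Constructed sample in the shape of the error above; every id is a placeholder.
SAMPLE_ERROR = json.dumps({"error": {"code": "AuthorizationFailed", "message": (
    "The client '11111111-1111-1111-1111-111111111111' with object id "
    "'22222222-2222-2222-2222-222222222222' does not have authorization to "
    "perform action 'Microsoft.Storage/storageAccounts/read' over scope "
    "'/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1"
    "/providers/Microsoft.Storage/storageAccounts/acct1' or the scope is invalid.")}})

_DENIED = re.compile(r"with object id '(?P<oid>[^']+)'.*?perform action "
                     r"'(?P<action>[^']+)' over scope '(?P<scope>[^']+)'", re.S)

def parse_authorization_failed(body):
    """Return {'oid', 'action', 'scope'} from an ARM AuthorizationFailed body, else None."""
    err = json.loads(body).get("error", {})
    if err.get("code") != "AuthorizationFailed":
        return None
    match = _DENIED.search(err.get("message", ""))
    return match.groupdict() if match else None

def subscription_scope(scope):
    """Reduce any resource scope to '/subscriptions/<id>', the level used in the answer."""
    match = re.match(r"/subscriptions/[^/]+", scope)
    if not match:
        raise ValueError("scope does not start with /subscriptions/<id>")
    return match.group(0)

def role_assignment_request(oid, scope, role_guid=STORAGE_ACCOUNT_CONTRIBUTOR, name=None):
    """Build (url, body) for the ARM PUT that grants role_guid to oid at scope."""
    sub = subscription_scope(scope)
    name = name or str(uuid.uuid4())  # a role assignment's name is a new GUID
    url = (f"https://management.azure.com{scope}/providers/Microsoft.Authorization"
           f"/roleAssignments/{name}?api-version=2022-04-01")
    body = {"properties": {
        "roleDefinitionId": f"{sub}/providers/Microsoft.Authorization/roleDefinitions/{role_guid}",
        "principalId": oid,  # the service principal's object id, not the app's client id
        "principalType": "ServicePrincipal"}}
    return url, body

if __name__ == "__main__":
    denied = parse_authorization_failed(SAMPLE_ERROR)
    url, body = role_assignment_request(denied["oid"], subscription_scope(denied["scope"]))
    print("PUT", url)
    print(json.dumps(body, indent=2))
```

Send the request with a token for an identity allowed to write role assignments at that scope, such as Owner or User Access Administrator. Passing a narrower scope, for example the resource group, limits the grant to that resource group.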