How to give API read / write permission for an added application in Azure

Question

When calling an API https://learn.microsoft.com/en-us/rest/api/virtualnetwork/publicipaddresses/list to get List IP Addresses through a postman I'm getting the following error :

{"error":{"code":"AuthorizationFailed","message":"The client 'acc04996-6ca3-4a2f-ba94-xxxx' with object id 'acc04996-6ca3-4a2f-ba94-xxxx' does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/read' over scope '/subscriptions/a530d6ae-6e7f-4c74-89fb-97273a63f8cd/resourceGroups/nag_resource_group/providers/Microsoft.Network' or the scope is invalid. If access was recently granted, please refresh your credentials."}}

Please let me know how to grant permission so that I can call all the API's through Postman. Thanks

Answer 1

The error means your client app does not have the permission to do the Microsoft.Network/publicIPAddresses/read action.

To fix the issue, just navigate to the subscription or the resource group nag_resource_group in the portal -> Access control (IAM) -> Add -> Add role assignment -> search for your client app name and add it as a role e.g. Contributor, Virtual Machine Contributor.

If you don't want the built-in roles, you can also create a custom RBAC role, just include the Microsoft.Network/publicIPAddresses/read action in its Actions. If you are not familar with Azure RBAC roles, please refer to this link.