Azure deployment slot creation in azure not working

Question

I am trying to create a slot in azure app environment in Octopus via powershell script Here is my script,

$resourceGroupName = $OctopusParameters["ResourceGroupName"]
$name = $OctopusParameters["Name"]
New-AzureRmWebAppSlot -ResourceGroupName $resourceGroupName -Name $name -Slot blue

It works in dev environment but doesn't work in UAT. I can confirm both environments are the same. I've checked everything and looks identical in azure and octopus

The error I am getting is as follows

Calamari.exe : CloseError: The client '976C13ED-5E0E-45C2-8E7A-6172CD41A523' with object id 
'976C13ED-5E0E-45C2-8E7A-6172CD41A523' does not have authorization to perform action 'Microsoft.Web/sites/read' over  
scope '/subscriptions/87932404-80E8-4895-8F4A-E400E263E3DF/resourceGroups/cyberton-app-uat/providers/Microsoft.Web/sit 
es/cyberton-app-uat' or the scope is invalid. If access was recently granted, please refresh your credentials. 
At C:\Octopus\Work\20200929095107-112805-2926\Bootstrap.ps1:49 char:1 
+ &  "C:\Octopus\OctopusServer\Tools\Calamari.Cloud\9.0.5\Calamari.exe" ... 
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo          : NotSpecified: (CloseError: The...ur credentials.:String) [], RemoteException 
    + FullyQualifiedErrorId : NativeCommandError  
At C:\Octopus\Work\20200929095107-112805-2926\Script.ps1:7 char:1 
+ New-AzureRmWebAppSlot -ResourceGroupName $resourceGroupName -Name $name -Slot blue

I am running out of ideas, could you please help

Thanks

Answer 1

You should assign a subscription role to the service principal '976C13ED-5E0E-45C2-8E7A-6172CD41A523'.

In Azure portal, find your Azure subscription, click on Access Control (IAM) and then click on Add role assignment. Assign a role (eg. contributor) to the service principal.

If you think that the permissions for the subscription role are too large, you can find the corresponding resource to perform the same role assignment operation.