Reputation: 769
Insufficient permissions for deploying ARM template using Python SDK
I've got a simple scirpt that should deploy an ARM template:
credentials = ClientSecretCredential(
client_id="<client-id>",
client_secret="<client-secret>",
tenant_id="<tenant-id>"
)
template = requests.get("<template-url>").json()
deployment_properties = {
'mode': DeploymentMode.incremental,
'template': template
}
deployment = Deployment(location="eastus", properties=deployment_properties)
client = ResourceManagementClient(credentials, subscription_id="<subscription-id>")
deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)
deployment_async_operation.wait()
When I try to run it, I get this error:
Exception Details: (InsufficientPrivilegesForManagedServiceResource) The requested user doesn't have sufficient privileges to perform the operation.
Code: InsufficientPrivilegesForManagedServiceResource
Message: The requested user doesn't have sufficient privileges to perform the operation.
The app registration I created, does have user_impersonation permission, which should do the trick.
Am I missing some permissions here?
Thanks for the help!
Upvotes: 0
Views: 691
Answers (1)
Reputation: 15519
The error "Insufficient permissions for deploying ARM template" usually occurs if you don't have required permissions to perform the deployment.
deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)
From above line of code, I assume you are deploying the ARM template at subscription level. Please check whether you have permissions at subscription level of scope.
To perform any action at subscription level you need either Global Admin Role or Owner Role for your subscription.
- To know how to assign roles for the subscription, please refer this MsDoc.
If still the issue persists, please check if the below option is enabled or not. If disabled, enable it like below:
Go to Azure Portal -> Azure Active Directory -> Properties -> Access management for Azure resources
Please refer the below links for more information:
User doesn't have permission to create deployment ARM template in Azure - Microsoft Q&A
Upvotes: 1
Related Questions
- Azure Release Pipeline does not have enough permissions to deploy Bicep/ARM template
- Error while deploying an ARM template to Azure
- Give Managed Identity permission to create app registration in Azure AD via ARM Template Deployment Script
- Unable to perform Azure ARM deployment because of 'ClientSecretCredential' issues
- Problems deploying Azure Data Factory via ARM template in Python
- Azure ADF ARM template deployment failing due to authorization for linked services
- Azure Budget ARM template deployment unauthorized
- Azure ARM template deployment using Python
- Deployment of ARM: Authorization failed for template resource 'sql
- Error while deploying ARM template to Azure