cannot create Azure_KeyVault Secrets

Question

While creating Azure_KeyVault Secrets getting the error , "The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective."

Error information Code Forbidden Message The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective. Raw error Caller is not authorized to perform action on resource. If role assignments, deny assignments or role definitions were changed recently, please observe propagation time. Caller: appid=3686488a-04fc-4d8a-b967-61f98ec41efe;oid=7e6b2746-4bcf-4d8b-8f3b-18504448c88c;iss=https://sts.windows.net/628ab173-d677-4cae-af42-d41ef78a1b1c/ Action: 'Microsoft.KeyVault/vaults/secrets/setSecret/action' Resource: '/subscriptions/7bbbb89c-3273-4ad3-b278-2e7cbf1f410b/resourcegroups/changenotificationtest/providers/microsoft.keyvault/vaults/gr-notification-keyvault/secrets/keyvault-secret' Assignment: (not found) DenyAssignmentId: null DecisionReason: null Vault: Gr-Notification-keyVault;location=centralindia

Answer 1

Posting an answer to help community

Initially I got the same error:

The error "The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective." usually occurs if the signed in user do not have required role to perform the action.

To create secrets, assign Key Vault Secrets Officer role to the user like below:

Refresh the portal and now you will be able to create secrets:

Reference:

Grant permission to applications to access an Azure key vault using Azure RBAC | Microsoft