OiO.lk Community platform!

Oio.lk is an excellent forum for developers, providing a wide range of resources, discussions, and support for those in the developer community. Join oio.lk today to connect with like-minded professionals, share insights, and stay updated on the latest trends and technologies in the development field.
  You need to log in or register to access the solved answers to this problem.
  • You have reached the maximum number of guest views allowed
  • Please register below to remove this limitation

Azure - RBAC to Management Group

  • Thread starter Thread starter Prawin
  • Start date Start date
P

Prawin

Guest
I'm unable to create a Service Connection for a Management Group. Below are more details

I have created a Management Group (my-mg)and added/assigned 2 subscriptions (dev-sub & prod-sub)

Created an App Registration say MG-APP

Assigned MG-APP the Management Group Contributor role in both dev-sub & prod-sub subscriptions

In Azure DevOps, I'm trying to create a Service Connection at Management Group Level using Service Principle (manual) and gave the Service Principle ID and Secret of the MG-APP and while verifying the connection it gives the below error.

The client '117aac40-82******' with object id '117aac40-82******' does not have authorization to perform action 'Microsoft.Management/managementGroups/read' over scope '/providers/Microsoft.Management/managementGroups/my-mg

Please let me know if I'm missing something?

Thanks, Praveen
<p>I'm unable to create a Service Connection for a Management Group. Below are more details</p>
<p>I have created a Management Group (<strong>my-mg</strong>)and added/assigned 2 subscriptions (<strong>dev-sub</strong> & <strong>prod-sub</strong>)</p>
<p>Created an App Registration say <strong>MG-APP</strong></p>
<p>Assigned <strong>MG-APP</strong> the <strong>Management Group Contributor</strong> role in both <strong>dev-sub</strong> & <strong>prod-sub</strong> subscriptions</p>
<p>In Azure DevOps, I'm trying to create a Service Connection at Management Group Level using <strong>Service Principle (manual)</strong> and gave the Service Principle ID and Secret of the <strong>MG-APP</strong> and while verifying the connection it gives the below error.</p>
<p>The client '117aac40-82******' with object id '117aac40-82******' does not have authorization to perform action 'Microsoft.Management/managementGroups/read' over scope '/providers/Microsoft.Management/managementGroups/<strong>my-mg</strong></p>
<p>Please let me know if I'm missing something?</p>
<p>Thanks,
Praveen</p>
Continue reading...
 

Latest posts

J
Replies
0
Views
1
jbowerbir
J
Top