Authorization permission on ms learn sandbox #30789
Assignees
Labels
ARM
az resource/group/lock/tag/deployment/policy/managementapp/account management-group
Auto-Assign
Auto assign by bot
Azure CLI Team
The command of the issue is owned by Azure CLI team
customer-reported
Issues that are reported by GitHub users external to the Azure organization.
question
The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
Comments
domalca
added
the
bug
|
Thank you for opening this issue, we will look into it. |
microsoft-github-policy-service
bot
added
customer-reported
microsoft-github-policy-service
bot
added
Azure CLI Team
yonzhan
removed
the
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Hi,
having this trouble, I'd like to know if the next error message is solved by adquiring the correct permissions - authorizations:
PS C:\WINDOWS\system32> az group create --name domingo_dev --location spaincentral
(AuthorizationFailed) The client 'live.com#alonsodm@yahoo.es' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#alonsodm@yahoo.es' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
the account details are:
{
"environmentName": "AzureCloud",
"homeTenantId": "604c1504-c6a3-4080-81aa-b33091104187",
"id": "fcfd8558-600b-4e8c-8fc6-61a12221db20",
"isDefault": true,
"managedByTenants": [],
"name": "Concierge Subscription",
"state": "Enabled",
"tenantDefaultDomain": "learn.docs.microsoft.com",
"tenantDisplayName": "Microsoft Learn Sandbox",
"tenantId": "604c1504-c6a3-4080-81aa-b33091104187",
"user": {
"name": "alonsodm@yahoo.es",
"type": "user"
}
}
Thanks a lot beforhand for your answer
Related command
az group create
Errors
(AuthorizationFailed) The client 'live.com#alonsodm@yahoo.es' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#alonsodm@yahoo.es' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
Issue script & Debug output
cli.knack.cli: Command arguments: ['group', 'create', '--name', 'domingo_dev', '--location', 'spaincentral', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
Enable VT mode.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x000001EA08BE71A0>, <function OutputProducer.on_global_arguments at 0x000001EA08F88040>, <function CLIQuery.on_global_arguments at 0x000001EA08FA9440>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'group': ['azure.cli.command_modules.resource']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: resource 0.431 52 232
cli.azure.cli.core: Total (1) 0.431 52 232
cli.azure.cli.core: Loaded 52 groups, 232 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : group create
cli.azure.cli.core: Command table: group create
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x000001EA0B255DA0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\domal.azure\commands\2025-02-07.18-33-46.group_create.7740.log'.
az_command_data_logger: command args: group create --name {} --location {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x000001EA0B29F100>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x000001EA0B2B54E0>, <function register_cache_arguments..add_cache_arguments at 0x000001EA0B2B5620>, <function register_upcoming_breaking_change_info..update_breaking_change_info at 0x000001EA0B2B56C0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x000001EA08F880E0>, <function CLIQuery.handle_query_parameter at 0x000001EA08FA94E0>, <function register_ids_argument..parse_ids_arguments at 0x000001EA0B2B5580>]
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=ResourceManagementClient
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\domal\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\domal.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187
msal.authority: openid_config("https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? True
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 755bc364-6da2-4389-bed0-b11dbbfc8679
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev?api-version=2022-09-01'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Length': '28'
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': 'af1984e5-e579-11ef-bb02-9eb6d0b05b03'
cli.azure.cli.core.sdk.policies: 'CommandName': 'group create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --location --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.68.0 (ZIP) azsdk-python-core/1.31.0 Python/3.12.8 (Windows-10-10.0.19045-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"location": "spaincentral"}
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev?api-version=2022-09-01 HTTP/1.1" 403 431
cli.azure.cli.core.sdk.policies: Response status: 403
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '431'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-failure-cause': 'gateway'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'ea72dd19-53c3-46ad-9d32-54cd2cf2d465'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'ea72dd19-53c3-46ad-9d32-54cd2cf2d465'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'FRANCESOUTH:20250207T173349Z:ea72dd19-53c3-46ad-9d32-54cd2cf2d465'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 590734ED0D2D405D9AD77E1B0E2A0D34 Ref B: MRS211050313033 Ref C: 2025-02-07T17:33:48Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 07 Feb 2025 17:33:48 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"AuthorizationFailed","message":"The client 'live.com#alonsodm@yahoo.es' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 666, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 734, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 703, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 336, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 120, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/resource/custom.py", line 1658, in create_resource_group
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/core/tracing/decorator.py", line 94, in wrapper_use_tracer
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/mgmt/resource/resources/v2022_09_01/operations/_operations.py", line 10597, in create_or_update
azure.core.exceptions.HttpResponseError: (AuthorizationFailed) The client 'live.com#alonsodm@yahoo.es' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#alonsodm@yahoo.es' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
cli.azure.cli.core.azclierror: (AuthorizationFailed) The client 'live.com#alonsodm@yahoo.es' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#alonsodm@yahoo.es' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
az_command_data_logger: (AuthorizationFailed) The client 'live.com#alonsodm@yahoo.es' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#alonsodm@yahoo.es' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x000001EA0B256020>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 1.969 seconds (init: 0.295, invoke: 1.674)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 4569 in cache file under C:\Users\domal.azure\telemetry\20250207183348062
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "E:\Descargas\Azure_CLI_LOCAL\python.exe E:\Descargas\Azure_CLI_LOCAL\Lib\site-packages\azure\cli\telemetry_init_.pyc C:\Users\domal.azure C:\Users\domal.azure\telemetry\20250207183348062"
telemetry.process: Return from creating process 10716
telemetry.main: Finish creating telemetry upload process.
Expected behavior
To create a resource group
Environment Summary
azure-cli 2.68.0
core 2.68.0
telemetry 1.1.0
Dependencies:
msal 1.31.1
azure-mgmt-resource 23.1.1
Python location 'E:\Descargas\Azure_CLI_LOCAL\python.exe'
Extensions directory 'C:\Users\domal.azure\cliextensions'
Python (Windows) 3.12.8 (tags/v3.12.8:2dc476b, Dec 3 2024, 19:30:04) [MSC v.1942 64 bit (AMD64)]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
Additional context
No response
The text was updated successfully, but these errors were encountered: