I've got a simple scirpt that should deploy an ARM template:
credentials = ClientSecretCredential(
client_id="<client-id>",
client_secret="<client-secret>",
tenant_id="<tenant-id>"
)
template = requests.get("<template-url>").json()
deployment_properties = {
'mode': DeploymentMode.incremental,
'template': template
}
deployment = Deployment(location="eastus", properties=deployment_properties)
client = ResourceManagementClient(credentials, subscription_id="<subscription-id>")
deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)
deployment_async_operation.wait()
When I try to run it, I get this error:
Exception Details: (InsufficientPrivilegesForManagedServiceResource) The requested user doesn't have sufficient privileges to perform the operation.
Code: InsufficientPrivilegesForManagedServiceResource
Message: The requested user doesn't have sufficient privileges to perform the operation.
The app registration I created, does have user_impersonation permission, which should do the trick.
Am I missing some permissions here?
Thanks for the help!
CodePudding user response:
The error "Insufficient permissions for deploying ARM template" usually occurs if you don't have required permissions to perform the deployment.
deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)
From above line of code, I assume you are deploying the ARM template at subscription level. Please check whether you have permissions at subscription level of scope.
To perform any action at subscription level you need either Global Admin Role or Owner Role for your subscription.
- To know how to assign roles for the subscription, please refer this
Please refer the below links for more information:
User doesn't have permission to create deployment ARM template in Azure - Microsoft Q&A