Authorization error on Deploying Enterprise Scale ARM template
On this page there’s an ARM template that does the initial ESIAB bootrapping on your subscription.
You need to have elevated your access in your AAD tenant first, and have then waited for around 20 minutes for the Access management for Azure resources setting to properly be processed.
This is the error you’ll get; The client ‘email@example.com’ with object id ‘6afa6781-461b-4dbb-a7de-ece3aace57a0’ does not have authorization to perform action ‘Microsoft.Resources/deployments/validate/action’ over scope ‘/providers/Microsoft.Resources/deployments/NoMarketplace-20201013114552’ or the scope is invalid. If access was recently granted, please refresh your credentials.
I had an issue in the Portal setting the Access management for Azure resources setting, so used this command instead; az rest –method post -u “/providers/Microsoft.Authorization/elevateAccess?api-version=2016-07-01”
After you’ve enabled this, you then need to set RBAC on the / scope; loggedInUser=$(az ad signed-in-user show -o tsv –query userPrincipalName) echo $loggedInUser az role assignment create –scope ‘/’ –role ‘Owner’ –assignee-object-id $loggedInUser