RBACAccessDenied with az deployment sub create

[adeliab]

az feedback auto-generates most of the information requested below, as of CLI version 2.0.62

Related command az deployment sub create

Describe the bug I'm testing a bicep deployment locally with command az deployment sub create --location westeurope --template-file main.bicep The bicep file is intended to create a budget resource

I got this error {"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Unauthorized","message":"{\r\n \"error\": {\r\n \"code\": \"RBACAccessDenied\",\r\n \"message\": \"The client does not have authorization to perform action. Request ID: b022aa4a-29f0-45c2-844a-bd15ef154150\"\r\n }\r\n}"}]}}

az account show shows that I'm connected with the right user & subscription. My user has an Owner access to this subscription and I've also added the Cost Contributor role manually and it still doesn't work.

I've checked this page https://docs.microsoft.com/en-us/azure/azure-resource-manager/troubleshooting/common-deployment-errors but it doesn't have RBACAccessDenied error code.

To Reproduce I'm following this file: https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/quick-create-budget-bicep?tabs=CLI#no-filter And run the az deployment sub create as mentioned

Expected behavior The budget resource is created

Environment summary cli version: 2.37.0 shell: cmd & powershell in VS code

Additional context

• With my user account, can create the budget via Azure Portal
• I can also run the az deployment sub what-if successfully with the same bicep file

[ghost]

Thank you for your feedback. This has been routed to the support team for assistance.

[yonzhan]

route to CXP team

[adeliab]

Apprently this is caused because the actionGroups need a resourceId than the name. Would be good to add this to the documentation

And to return a clearer error than RBAC error

[ghost]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @josephkwchan, @jennyhunter-msft.

Issue Details

---

> ### `az feedback` auto-generates most of the information requested below, as of CLI version 2.0.62 **Related command** az deployment sub create **Describe the bug** I'm testing a bicep deployment locally with command `az deployment sub create --location westeurope --template-file main.bicep` The bicep file is intended to create a budget resource I got this error `{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Unauthorized","message":"{\r\n \"error\": {\r\n \"code\": \"RBACAccessDenied\",\r\n \"message\": \"The client does not have authorization to perform action. Request ID: b022aa4a-29f0-45c2-844a-bd15ef154150\"\r\n }\r\n}"}]}}` `az account show` shows that I'm connected with the right user & subscription. My user has an **Owner** access to this subscription and I've also added the **Cost Contributor** role manually and it still doesn't work. I've checked this page https://docs.microsoft.com/en-us/azure/azure-resource-manager/troubleshooting/common-deployment-errors but it doesn't have RBACAccessDenied error code. **To Reproduce** I'm following this file: https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/quick-create-budget-bicep?tabs=CLI#no-filter And run the az deployment sub create as mentioned **Expected behavior** The budget resource is created **Environment summary** cli version: 2.37.0 shell: cmd & powershell in VS code **Additional context** - With my user account, can create the budget via Azure Portal - I can also run the az deployment sub what-if successfully with the same bicep file

Author:	adeliab
Assignees:	-
Labels:	`Service Attention`, `ARM`, `CXP Attention`, `Auto-Assign`
Milestone:	Backlog