search

Azure / azure-rest-api-specs

The source for REST API specifications for Microsoft Azure.
MIT License
2.69k stars 5.12k forks source link

Error: Microsoft.Sql/locations/managedDatabaseAzureAsyncOperation/read does not match any of the actions supported by the providers #13700

Open havlicekp opened 3 years ago

havlicekp commented 3 years ago

We have a custom RBAC role in Azure, having limited permissions. Call to create a SQL database (https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.sql.fluent.manageddatabasesoperationsextensions.createorupdateasync?view=azure-dotnet) ends with the following error:

Azure cloud exception occurred (code: AuthorizationFailed, reason phrase: Forbidden, status code: Forbidden, message: The client '****' with object id '****' does not have authorization to perform action 'Microsoft.Sql/locations/managedDatabaseAzureAsyncOperation/read' over scope '/subscriptions/****/resourceGroups/****/providers/Microsoft.Sql/locations/westeurope/managedDatabaseAzureAsyncOperation/****' or the scope is invalid. If access was recently granted, please refresh your credentials.)

However attempt to add the forementioned permission into our custom RBAC role ends with error too:

Set-AzRoleDefinition: 'Microsoft.Sql/locations/managedDatabaseAzureAsyncOperation/read' does not match any of the actions supported by the providers.

May I ask you assistance with this? It seems the permission returned from the API does not exist and we don't know which permission to add into our custom role to allow SQL database creation finish successfully.

ghost commented 3 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @azureSQLGitHub.

Issue Details
We have a custom RBAC role in Azure, having limited permissions. Call to create a SQL database (https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.sql.fluent.manageddatabasesoperationsextensions.createorupdateasync?view=azure-dotnet) ends with the following error: `Azure cloud exception occurred (code: AuthorizationFailed, reason phrase: Forbidden, status code: Forbidden, message: The client '****' with object id '****' does not have authorization to perform action 'Microsoft.Sql/locations/managedDatabaseAzureAsyncOperation/read' over scope '/subscriptions/****/resourceGroups/****/providers/Microsoft.Sql/locations/westeurope/managedDatabaseAzureAsyncOperation/****' or the scope is invalid. If access was recently granted, please refresh your credentials.)` However attempt to add the forementioned permission into our custom RBAC role ends with error too: `Set-AzRoleDefinition: 'Microsoft.Sql/locations/managedDatabaseAzureAsyncOperation/read' does not match any of the actions supported by the providers.` May I ask you assistance with this? It seems the permission returned from the API does not exist and we don't know which permission to add into our custom role to allow SQL database creation finish successfully.
Author: havlicekp
Assignees: akning-ms
Labels: `SQL`, `Service Attention`
Milestone: -
Stralle commented 1 year ago

@havlicekp Hi, is this issue resolved in the meantime?

qub1n commented 10 months ago

No, it is not fixed, I still see the same error message

Error: 'Microsoft.Sql/locations/managedDatabaseAzureAsyncOperation/read' does not match any of the actions supported by the providers.