Attach ACR Error: Are you an Owner on this subscription?

ERROR: Could not create a role assignment for ACR. Are you an Owner on this subscription?

When you run Terraform from Azure DevOps with the default Contributor permission, you get this error when it tries to create a role assignment.

In our case, we are using the service principal for Azure DevOps.

Solution #1

Let's see how to create a custom role with minimum permissions to avoid this error.

Choose the subscription – Access control (IAM) – Add – Add custom role

Clone a role – Contributor

Friendly name for the custom role – aks custom role

Delete “Microsoft.Authorization/*/Write” from NotActions.

Choose Next.

Choose Next, then finish. In Assignable scopes, if you want the same custom role on different subscriptions, you need to include them.

Now let’s use the custom role we created and add the service principal to it.

Add role assignment – Role – aks custom role – select the service principal you want to use.

Choose to add.
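
The portal steps of Solution #1 as an added example (not from the original post): a Python script that derives the custom role's JSON from the Contributor definition by removing Microsoft.Authorization/*/Write from NotActions and setting the assignable scopes. The embedded Contributor definition is a constructed, abbreviated sample in the shape returned by az role definition list, and the function names and subscription ID are placeholders.

```python
import copy
import json

# Constructed, abbreviated stand-in for one entry of
# `az role definition list --name Contributor` (the live role lists more NotActions).
CONTRIBUTOR = {
    "roleName": "Contributor",
    "permissions": [{
        "actions": ["*"],
        "notActions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
        ],
    }],
}
UNBLOCK = "Microsoft.Authorization/*/Write"  # the entry the article removes

def derive_custom_role(base, name, subscription_ids):
    """Clone `base` and drop UNBLOCK from NotActions, as in the portal steps."""
    if not subscription_ids:
        raise ValueError("at least one assignable subscription is required")
    perms = copy.deepcopy(base["permissions"][0])  # never mutate the built-in
    kept = [a for a in perms["notActions"] if a.lower() != UNBLOCK.lower()]
    if len(kept) == len(perms["notActions"]):
        raise ValueError(f"{UNBLOCK} is not in NotActions; nothing to change")
    return {
        "Name": name,
        "IsCustom": True,
        "Description": f"{base['roleName']} without the {UNBLOCK} exclusion",
        "Actions": perms["actions"],
        "NotActions": kept,
        "DataActions": perms.get("dataActions", []),
        "NotDataActions": perms.get("notDataActions", []),
        # One entry per subscription where the role must be assignable.
        "AssignableScopes": [f"/subscriptions/{s}" for s in subscription_ids],
    }

def still_blocked(role):
    """Microsoft.Authorization operations the custom role continues to exclude."""
    prefix = "microsoft.authorization/"
    return [a for a in role["NotActions"] if a.lower().startswith(prefix)]

if __name__ == "__main__":
    sub = "00000000-0000-0000-0000-000000000000"  # placeholder subscription ID
    role = derive_custom_role(CONTRIBUTOR, "aks custom role", [sub])
    print(json.dumps(role, indent=2))
    print("Still excluded:", still_blocked(role))
```

Saved to a file, the printed JSON can be passed to az role definition create --role-definition. Removing this entry lets the principal write role assignments at every assignable scope, so keep AssignableScopes to the subscriptions the pipeline actually deploys to.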

Solution #2

The quick solution is to give the service principal Owner permission on the subscription and grant it the legacy Graph permission. This is one way of doing it, but certainly not the recommended way: the custom role above gives the minimum permission needed to achieve the same result without Owner permission on the subscription.

Choose Application Permission – Application.ReadWrite.OwnedBy

Add Permission and click on “Grant Admin Consent”

About Satheshwaran Manoharan

Satheshwaran Manoharan is a Microsoft Office Server and Services MVP and publisher of Azure365pro.com. Specialized in Office365 / Microsoft Exchange / Virtualization, Sathesh is a messaging expert supporting, designing and deploying corporate messaging and virtualization infrastructure for medium-sized businesses to large enterprises.
