问题
I am trying to setup Azure DevOps 'Release' Pipeline, when I am trying to add Azure Resource Manager service Connection, I am getting error like 'Failed to create an app in Azure Active Directory. Error: Insufficient privileges to complete the operation. For troubleshooting refer to link. '
My Organization assigned me an Azure Professional Subscription account. When I click the Active Directory, I am getting error like 'Access denied. You do not have access. Looks like you don't have access to this content. To get access, please contact the owner.'
What sort of user role, the organization needs to assign to me so that I can setup the Azure DevOps Release Pipeline.
- The company can't give me the role as global administrator or user account administrator to ADFS, because of security reason. What is the appropriate ADFS user role permission my company should assign to me ?
回答1:
There's no way to do this without being a Global Admin or Owner on the Azure Active Directory tenant. You need to request access from your organization or else make your own account with your own subscription and publish the application there.
回答2:
See the link, last error https://docs.microsoft.com/en-us/azure/devops/pipelines/release/azure-rm-endpoint?view=azure-devops&viewFallbackFrom=vsts
This error is coming because you do not have sufficient privileges in your AAD, you do not have Write permission for the selected Azure subscription when the system attempts to assign the Contributor role.
回答3:
It worked for me when I tried to create my own new AD, and then I move the subscriptions I got from the company to this AD (it is just for dev and test). If you want it to work on production, maybe you should ask the administrator to create a new app registration for you and he should grant all permission to you inside this app (I guess). Best regards, Tai.
来源:https://stackoverflow.com/questions/52366279/failed-to-create-an-app-in-azure-active-directory-error-insufficient-privilege