azure-sdk-for-net icon indicating copy to clipboard operation
azure-sdk-for-net copied to clipboard

Published 20 hours ago verified publisher icon Azure

Action Microsoft.Sql/locations/shortTermRetentionPolicyAzureAsyncOperation/read does not exist

Open simader opened this issue 2 years ago • 4 comments

Hello,

I have the following code, which works with my Admin Account. grafik

However if a try a user with limited permission i get the following error message 403 The client '----' with object id '---' does not have authorization to perform action 'Microsoft.Sql/locations/shortTermRetentionPolicyAzureAsyncOperation/read' over scope '/subscriptions/---/resourceGroups/r---/providers/Microsoft.Sql/locations/westeurope/shortTermRetentionPolicyAzureAsyncOperation/0a84c678-f877-4f13-9241-3d4a8eb91cfb' or the scope is invalid. If access was recently granted, please refresh your credentials.

When i try to find this right to add it to my role it says it does not exist.

grafik

I only can find :"Microsoft.Sql/locations/shortTermRetentionPolicyOperationResults/read" However this does not help.

Please Advice.

simader avatar Nov 10 '22 12:11 simader

Label prediction was below confidence level 0.6 for Model:ServiceLabels: 'SQL:0.15643765,AppAuthentication:0.07991676,Service Bus:0.06396555'

azure-sdk avatar Nov 10 '22 12:11 azure-sdk

Thank you for reaching out and we regret that you're experiencing difficulties. Would you please provide the name and version of the Azure SDK package that you're using?

jsquire avatar Nov 10 '22 13:11 jsquire

Azure.ResourceManager.Sql in Version 1.0.0

simader avatar Nov 10 '22 13:11 simader

Thank you for your feedback. Tagging and routing to the team member best able to assist.

jsquire avatar Nov 10 '22 13:11 jsquire

Thank you for your feedback. This has been routed to the support team for assistance.

ghost avatar Dec 14 '22 09:12 ghost

@simader Thanks for reaching out to us and reporting this issue. Could you please try adding Microsoft.Sql/locations/*/read permissions to that user and try again after sometime ? Awaiting your reply.

navba-MSFT avatar Dec 19 '22 03:12 navba-MSFT

Hi @simader. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text “/unresolve” to remove the “issue-addressed” label and continue the conversation.

ghost avatar Dec 20 '22 04:12 ghost

Hi, I didn't had time so far to try this out. but I gave you very detailed instructions, you should be able to test it yourself. And if this workaround is your solution than it should be saided in the error message.

simader avatar Dec 21 '22 07:12 simader

@simader Thanks for your reply. I have tested the above action plan and it did work fine at my end. Could you please test the same and share an update ?

navba-MSFT avatar Dec 21 '22 07:12 navba-MSFT

Yes, I can confirm that "Microsoft.Sql/locations/*/read" helps. However the error message still tells that 'Microsoft.Sql/locations/shortTermRetentionPolicyAzureAsyncOperation/read' is missing.

simader avatar Dec 21 '22 07:12 simader

@simader Thanks for getting back. I did some research on this and found that there is an RBAC action Microsoft.Sql/locations/shortTermRetentionPolicyOperationResults/read, this is deceptively similar to shortTermRetentionPolicyAzureAsyncOperation. So creating a custom role with this action should also help.

navba-MSFT avatar Dec 22 '22 04:12 navba-MSFT

Hi @simader, since you haven’t asked that we “/unresolve” the issue, we’ll close this out. If you believe further discussion is needed, please add a comment “/unresolve” to reopen the issue.

ghost avatar Dec 29 '22 10:12 ghost