我正在尝试通过Postman创建存储帐户。我通过Azure Portal创建了一个服务主体,并获得了具有以下参数的访问令牌:
https://login.microsoftonline.com/mytenant_id/oauth2/v2.0/token
client_id='client_id'
&client_secret='client_secret'
&grant_type=client_credentials
&resource=https://management.azure.com我尝试使用生成的访问令牌和以下查询创建存储帐户:
PUT
https://management.azure.com/subscriptions/subscriptionid/resourceGroups/resourcegroupname/providers/Microsoft.Storage/storageAccounts/storageaccountname?api-version=2018-02-01但我得到的错误如下:
{
"error": {
"code": "AuthorizationFailed",
"message": "The client 'XXXXXXXXXXXXXXXXXX' with object id 'XXX does not have authorization to perform action 'Microsoft.Storage/storageAccounts/read' over scope '/subscriptions/XXXXXXXXXXXXXXXXXX/resourceGroups/resource/providers/Microsoft.Storage/storageAccounts/account' or the scope is invalid. If access was recently granted, please refresh your credentials."
}
}我是全局管理员,拥有订阅级别的所有者访问权限。有人能建议我还需要什么吗?
1条答案
按热度按时间piwo6bdm1#
若要解决此错误,请尝试将
Storage Account Contributor角色分配给订阅级别的服务主体,如下所示:我尝试在我的环境中重现相同的错误,但在它没有所需权限时出现相同的错误,如下所示:
授予权限后,我能够成功创建存储帐户,如下所示:
为了确认上述内容,我在门户网站中进行了如下验证:
参考:
How to create Azure Storage Account with REST API using Postman – A Turning Point (raaviblog.com)