Trying to create Azure Pipeline using Visual Studio 2019 and getting this error message:
"The selected account doesn't have sufficient permissions to access
this Azure DevOps project. You'll need to use a different account.
The account I'm using is the admin on Azure DevOps server, and also the Azure tenant admin. What specific permissions do I need to create an Azure pipeline, in addition to being admin?
Related
I have created an automated Service Principal from the service requests on Azure Devops with sufficient permissions. Now, when I am trying to create an artifact which is an ML model (registered) it is not auto populating the registered models and resulting in an error.
I am using a free trial Azure account and attempting to implement CI CD for ML. I turned my firewall off and attempted as well but still the issue persists.
It appears that the Service Principal is not assigned the role in the appropriate subscription.
You need to grant the service principal Azure subscription access permission:
Login Azure portal->All service->Subscriptions->click your subscription->Access control(IAM)->Add role assignment->assign the correct role to your service principal
Refer to Use the portal to create an Azure AD application and service principal that can access resources and Assign Azure roles using the Azure portal for details.
I have connected my azure account in Data Studio and I am using Azure SQL migration extension (v0.1.12) to migrate on-prem SQL to Azure Managed Instance.
However my subscription details are not getting fetched.
Screen Shot Attached Here
When I manually add Azure Subscription details I am getting following error
Manually Entered Details
And the error message Error
The issue seems to be more of access level issues.
Below are the type of access levels that you need to have for creating Azure Migrate Appliance project
Contributor or Owner permissions in the Azure subscription.
Permissions to register Azure Active Directory (Azure AD) apps.
Owner or Contributor and User Access Administrator permissions in the Azure subscription to create an instance of Azure Key Vault, which is used during agentless server migration.
Below are the steps to set contributor or Owner permissions
From Azure Subscriptions panel select the subscription
Move to Access Control IAM and select Add role Assignment
Assign the following roles.
For complete information check the Microsoft Document on providing access.
I have created an Azure DevOps organization. I have created it with my outlook account. I want to connect it to Azure Active Directory (AAD), Default Directory, on my Azure portal. I am using the free account on Azure portal which allows me to have one subscription. The AAD directory is shown below:
I want to connect my Azure DevOps organization to Azure Active Directory. I am using the same user in Azure portal and Azure DevOps. I have basically created both by the same account. I am following the instruction at this link to connect Azure DevOps organization to Azure AD. I emphasize that in my case both are created by the same email. However, in Azure DevOps Organization settings, by clicking on "connect directory" under "Azure Active Directory", I get an error that: "User myuser#outlook.com is a guest in the target AAD tenant Default Directory. The current organization policy does not allow guest users to access the organization. Change the policy setting to allow external guest access and try again."
This is what I see at organization settings in DevOps:
This is the error when I try to connect it to AAD:
When I check my user in Azure Active Directory I can see it has global admin role, and is a member, not guest! It is after all the user by which I have created this account and all the resources: (It is the user on the second row:)
As mentioned earlier, this user has global administrator role:
I also tried changing my policies at AAD side to be able to connect my DevOps project to AAD, but again it fails. This is how the policies are:
I basically don't know what else I should do to connect DevOps to AAD. Any help is appreciated.
When you log in to Azure DevOps, it logs in with Microsoft Directory.
You need to switch the tenant to your default directory
Then you would be able to link your Azure AD tenant to your Azure DevOps Organization
I am facing an issue on Azure Data Factory when I try to access the Azure DevOps Git Repository that I configured. The error message is: "Invalid GIT configuration. You need to gain access to the repository before you can publish any changes. Details: Authentication error - you do not have access to the provided Azure DevOps account."
I am using the same account on both DevOps and Data Factory. My Azure portal access is "Contributor" at the subscription level and my DevOps role is Project Administrator on the project.
Regards,
Tania
I've tried various combinations of creating the repository as new from Data Factory as well as using an existing one created (by myself) in Azure DevOps.
From https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles in the Open Feedback items a user mentions that "the Build-in role Data Factory Contributor this is not in Allow part:
Action:Microsoft.DataFactory/locations/configureFactoryRepo/action"
I investigated the the contributor role and it appears to have the Action allowed as "Read" ?
ADF Repo Settings
ADF Repo Error
After the detailed message shared from #taniaw, this issue caused by the account confused.
Here has 2 accounts, A#abc.com, and A#efg.com.
When login to azure portal with A#abc.com, and configure the Azure Devops Git. It's all correct. Now, the issue is when go Azure Devops Git tab after the repos configured successfully, its access account used in the backend changed into A#efg.com. But this account does not has permission to access the organization and repos. That's why when click the Azure Devops Git tab, it is grey and receiving the error message "You do not access to the repository".
These detailed message can all be viewed by Fiddler. Everyone can use fiddler trace to know the exactly error caused then analyze it.
At last, the solution is this is the account mapping confused issue which need Azure Account Team support.
Verify the User configuration at Organization level:
The default is "Stakeholder" - it should be "Basic" actually.
Hope it is useful.
This issue was resolved today. The cause was a different Azure DevOps tenant where my account had been added as a guest had used an email account instead of my Azure AD account and this caused the confusion when passing credentials from Azure Data Factory to Azure DevOps. The issue was resolved by leaving the organization that had my user mis-configured as I'm no longer actively working on that project. A better solution may have been to have their Azure AD administrator update my guest account to the correct details.
I have an ASP.NET MVC application and want to deploy it to Azure cloud service.
I have added Azure cloud service deployment task and trying to configure the subscription details using "New button". There are two fields which ask for user name and password. So I entered my credentials that I use to login to portal.azure.com. But I get an error during release process. Can you please help if I am missing anything?
2018-02-14T22:43:28.0976940Z ##[command]Import-Module -Name C:\Program Files\WindowsPowerShell\Modules\AzureRM.Profile\2.1.0\AzureRM.Profile.psm1 -Global
2018-02-14T22:43:28.1499971Z ##[command]Add-AzureAccount -Credential System.Management.Automation.PSCredential
2018-02-14T22:43:31.8827701Z ##[error]AADSTS50079: The user is required to use multi-factor authentication.
The Azure classic portal has been retired, so you need to use the new portal and add Azure Resource Manager (Azure RM) service endpoint).
The simple way to add Azure RM service endpoint:
Create a new build definition
Add Azure App Service Deploy task, select the item in Available Azure subscription
Click Authorize button
After that, it will add related service endpoint to your team project.
Another way is that, you can refer to this blog to add service endpoint:
Connect your Azure subscriptions to VSTS in 3 clicks
You can create a set of deployment credentials that's different from your microsoft account's credentials.
Everything is pretty well explained here:
When you log into Microsoft Azure you are logging in with a Microsoft Account. This account lets you add, modify, and remove
resources within your Azure subscription. Some Azure resources such
as Websites and Mobile Services require a separate deployment
credential to publish code. This separate deployment credential can
be confusing and I wanted to document a few key points:
The username you choose for the deployment credential must be unique
across all Azure subscribers.
The deployment credential you create is
tied to your Microsoft account and is the same credential for all
Azure resources which require a deployment credential.
You do not
want to share your deployment credential. Again, this credential has
access to publish code to all Websites and Mobile Services that your
Microsoft account can administer