Not able to connect to azure from postman application - 403 forbidden error


I'm trying to GET https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups?api-version=2020-09-01 using the Postman application from my desktop. For Authorization I passed the bearer token acquired from the token response.

However, I'm getting the error below.

{ "error": { "code": "AuthorizationFailed", "message": "The client '02d899d6-c2d5-47d3-' with object id '02d899d6-c2d5-47d3-87b' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/{{subscriptionId}}' or the scope is invalid. If access was recently granted, please refresh your credentials." } }

I'm not able to find this client ID in my subscription to assign the role. Where can I find this client ID in the portal? I also tried to register the Postman app in my subscription, but the create operation is greyed out. Could anyone help with this?

Answer by Sridevi (accepted as best answer):

I tried to reproduce the same in my environment and got the results below.

I registered one Azure AD application and granted it API permission.

I generated an access token via Postman using the parameters below:

POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token

grant_type:client_credentials
client_id:<appID>
client_secret:<secret>
scope:https://management.azure.com/.default

When I used that token to list resource groups, I got the same error as you:

GET https://management.azure.com/subscriptions/<subID>/resourcegroups?api-version=2020-09-01

The client ID in the error is the object ID of the service principal associated with your Azure AD application (it has the same name as the application), which can be found here:

Go to Azure Portal -> Azure Active Directory -> Enterprise Applications -> All applications -> Select Application

To resolve the error, assign the Reader role to your service principal under your subscription as follows:

Go to Azure Portal -> Subscriptions -> Your Subscription -> Access control (IAM) -> Add role assignment

Note that you need either the Owner or User Access Administrator role on your subscription to assign RBAC roles.

After assigning the role, I generated the token again and got the list of resource groups successfully:

GET https://management.azure.com/subscriptions/<subID>/resourcegroups?api-version=2020-09-01
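The following is an added example, not code from the question or the answer above. It scripts the same two calls the answer makes in Postman (client-credentials token request, then the ARM resource-groups GET), and adds the two checks a practitioner wants when the 403 appears: reading the `oid` claim out of the token you hold, so you can see which service principal object ID ARM is evaluating (the ID the error calls "the client"), and parsing the `AuthorizationFailed` body into principal, action and scope so the role assignment lands in the right place. The environment variable names (`AZ_TENANT_ID`, `AZ_CLIENT_ID`, `AZ_CLIENT_SECRET`, `AZ_SUBSCRIPTION_ID`), the sample GUIDs and the sample 403 body are constructed for this example; the endpoints and parameters are the ones the answer uses.

```python
import base64
import json
import os
import re
from typing import Optional, Tuple
from urllib import error, parse, request

# Endpoints exactly as used in the answer: v2.0 token endpoint and the ARM resource-groups call.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
ARM_SCOPE = "https://management.azure.com/.default"
RG_URL = "https://management.azure.com/subscriptions/{sub}/resourcegroups?api-version=2020-09-01"

# Message format of the AuthorizationFailed error quoted in the question.
_AUTHZ_RE = re.compile(
    r"The client '(?P<client>[^']*)' with object id '(?P<oid>[^']*)' does not have "
    r"authorization to perform action '(?P<action>[^']*)' over scope '(?P<scope>[^']*)'"
)


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def decode_jwt_claims(token: str) -> dict:
    """Read the payload of a compact JWT without verifying its signature.
    Fine for inspecting a token you just obtained yourself; never use this to
    decide whether to trust a token presented by someone else."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def principal_from_token(token: str) -> dict:
    """Identifiers ARM evaluates: 'oid' is the service principal's object id (what the
    403 calls 'the client') and is the id to pick when adding the role assignment;
    'appid' is the app registration's client id."""
    c = decode_jwt_claims(token)
    return {"object_id": c.get("oid"), "app_id": c.get("appid"),
            "tenant_id": c.get("tid"), "audience": c.get("aud")}


def diagnose_arm_error(status: int, body: str) -> Optional[dict]:
    """Turn a 403 AuthorizationFailed body into the facts needed to fix it:
    which principal, which action, at which scope. Returns None if not a 403."""
    if status != 403:
        return None
    err = json.loads(body).get("error", {})
    result = {"code": err.get("code"), "message": err.get("message", "")}
    m = _AUTHZ_RE.search(result["message"])
    if m:
        result.update(object_id=m["oid"], action=m["action"], scope=m["scope"])
        # The answer resolves this read action with the Reader role.
        result["fix"] = (f"assign a role containing '{m['action']}' (Reader suffices for "
                         f"reads) to object id {m['oid']} at scope {m['scope']}")
    return result


def get_token(tenant: str, client_id: str, client_secret: str) -> str:
    """Client-credentials grant with the same four parameters as the Postman request."""
    data = parse.urlencode({"grant_type": "client_credentials", "client_id": client_id,
                            "client_secret": client_secret, "scope": ARM_SCOPE}).encode()
    with request.urlopen(request.Request(TOKEN_URL.format(tenant=tenant), data=data)) as resp:
        return json.load(resp)["access_token"]


def list_resource_groups(token: str, subscription_id: str) -> Tuple[int, str]:
    """GET the resource groups; returns (status, body) instead of raising on 403."""
    req = request.Request(RG_URL.format(sub=subscription_id),
                          headers={"Authorization": f"Bearer {token}"})
    try:
        with request.urlopen(req) as resp:
            return resp.status, resp.read().decode()
    except error.HTTPError as e:
        return e.code, e.read().decode()


# --- Constructed sample data for offline use (placeholder ids, not real principals) ---
SAMPLE_OID = "11111111-1111-1111-1111-111111111111"
SAMPLE_SUB = "22222222-2222-2222-2222-222222222222"


def make_sample_token(claims: dict) -> str:
    """Build an unsigned lookalike token for offline testing only (dummy signature)."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64url_encode(b'not-a-real-signature')}"


SAMPLE_403_BODY = json.dumps({"error": {"code": "AuthorizationFailed", "message":
    f"The client '{SAMPLE_OID[:18]}' with object id '{SAMPLE_OID}' does not have authorization "
    f"to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope "
    f"'/subscriptions/{SAMPLE_SUB}' or the scope is invalid. If access was recently granted, "
    "please refresh your credentials."}})


if __name__ == "__main__":
    # Assumed environment variable names; set them to your own tenant/app values.
    tenant, app, secret, sub = (os.environ[k] for k in
                                ("AZ_TENANT_ID", "AZ_CLIENT_ID", "AZ_CLIENT_SECRET", "AZ_SUBSCRIPTION_ID"))
    tok = get_token(tenant, app, secret)
    print("principal in token:", principal_from_token(tok))
    status, body = list_resource_groups(tok, sub)
    print(status, diagnose_arm_error(status, body) or body[:200])
```

Run it once before the role assignment and the `object_id` printed from the token will match the object ID in the 403 message; search for that value under Enterprise Applications (not App registrations) and add the Reader assignment at the reported scope, then run it again after fetching a fresh token, since a token issued before the assignment is not re-evaluated.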