Certain Resource Groups have been created automatically upon the creation of other services
And even though I have the Contributor permission I still cannot delete a resource group
Note: I can delete any other service
Error:
Delete resource group X managedEnvironment-Labs-... Failed to delete resource group managedEnvironment_FunctionApps_c8a6-6b07-4183-9de8c6e00f30: The client '[email protected]' with object id '7435434-cb77-4521-gf65-3443gf45t43' has permission to perform action 'Microsoft.Resources/subscriptions/resourceGroups/de... on scope 7subscriptions/4d81cdff-75ea-4082-a6ed-434ffb43gvfd43/resourceGroups/managedEnvironment-Labs-9179_FunctionApps_c8a6-6b07-4183-9de8c6e00f30'; however, the access is denied because of the deny assignment with name 'c8a6-6b07-4183-9de8c6e00f30' and Id 'c8a66b0741839de8c6e00f30' at scope 7subscriptions/4d81cdff-75ea-4082-a6ed-434ffb43gvfd43/resourceGroups/managedEnvironment_FunctionApps_c8a6-6b07-4183-9de8c6e00f30'. (Code: DenyAssignmentAuthorizationFailed)
I have managed to delete another resource group - however this one in specific I can't delete.
Additional Note: this resource group has no deployments in it and it doesn't contain any service.
Despite having the necessary permissions on your account, the action is being denied due to a "deny assignment" in Azure. A deny assignment is a specific type of Azure policy that explicitly denies certain actions regardless of any granted permissions.
In this case, this deny assignment is identified by the name 'c8a6-6b07-4183-9de8c6e00f30' and ID 'c8a66b0741839de8c6e00f30' and is applied at the scope of the resource group you are trying to delete (managedEnvironment_FunctionApps_c8a6-6b07-4183-9de8c6e00f30).
You need to check why the deny assignment was applied to this resource group. It might be protecting critical resources from being deleted or altered.