While creating Azure_KeyVault secrets, I am getting the error:
“The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.”
Error information
Code: Forbidden
Message: The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.
Raw error:
Caller is not authorized to perform action on resource. If role assignments, deny assignments or role definitions were changed recently, please observe propagation time. Caller: appid=3686488a-04fc-4d8a-b967-61f98ec41efe;oid=7e6b2746-4bcf-4d8b-8f3b-18504448c88c;iss=https://sts.windows.net/628ab173-d677-4cae-af42-d41ef78a1b1c/ Action: ‘Microsoft.KeyVault/vaults/secrets/setSecret/action’ Resource: ‘/subscriptions/7bbbb89c-3273-4ad3-b278-2e7cbf1f410b/resourcegroups/changenotificationtest/providers/microsoft.keyvault/vaults/gr-notification-keyvault/secrets/keyvault-secret’ Assignment: (not found) DenyAssignmentId: null DecisionReason: null Vault: Gr-Notification-keyVault;location=centralindia
Posting an answer to help the community.
Initially I got the same error:
The error “The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.” usually occurs if the signed-in user does not have the required role to perform the action.
To create secrets, assign the Key Vault Secrets Officer role to the user as shown below:
Refresh the portal, and now you will be able to create secrets:
Reference:
Grant permission to applications to access an Azure key vault using Azure RBAC | Microsoft
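The following Python is an added example, not part of the original question or answer: it parses a raw error of the shape shown in the question and builds the Azure CLI command equivalent to the portal role assignment the answer describes. The sample error is constructed with placeholder IDs, the function names are illustrative, and granting at vault scope is an assumption.

```python
import re
import shlex

ROLE = "Key Vault Secrets Officer"  # role named in the answer for creating secrets
QUOTES = "'\"\u2018\u2019"          # the portal wraps values in straight or curly quotes

# Constructed sample in the shape of the portal's "Raw error"; every ID is a placeholder.
SAMPLE_ERROR = (
    "Caller is not authorized to perform action on resource. "
    "Caller: appid=00000000-0000-0000-0000-0000000000aa;"
    "oid=00000000-0000-0000-0000-0000000000bb;"
    "iss=https://sts.windows.net/00000000-0000-0000-0000-0000000000cc/ "
    "Action: 'Microsoft.KeyVault/vaults/secrets/setSecret/action' "
    "Resource: '/subscriptions/00000000-0000-0000-0000-0000000000dd/resourcegroups/"
    "example-rg/providers/microsoft.keyvault/vaults/example-vault/secrets/example-secret' "
    "Assignment: (not found) DenyAssignmentId: null DecisionReason: null "
    "Vault: example-vault;location=centralindia"
)

def parse_denial(raw):
    """Extract the caller object ID, action, resource and assignment state."""
    def field(pattern):
        m = re.search(pattern, raw)
        return m.group(1).strip(QUOTES) if m else None
    return {
        "oid": field(r"oid=([0-9a-fA-F-]{36})"),
        "action": field(r"Action:\s*(\S+)"),
        "resource": field(r"Resource:\s*(\S+)"),
        "assignment": field(r"Assignment:\s*(\(not found\)|\S+)"),
        "deny_assignment": field(r"DenyAssignmentId:\s*(\S+)"),
    }

def vault_scope(resource):
    """Trim a secret-level resource path to its vault (assumed grant scope)."""
    m = re.match(r"(/subscriptions/[^/]+/resourcegroups/[^/]+"
                 r"/providers/microsoft\.keyvault/vaults/[^/]+)", resource, re.IGNORECASE)
    if not m:
        raise ValueError("not a Key Vault resource path: " + resource)
    return m.group(1)

def remediation(raw):
    """Return the az command for a missing role, or None if a role grant is not the fix."""
    d = parse_denial(raw)
    # A deny assignment, or an assignment that was found, needs a different investigation.
    blocked = d["deny_assignment"] != "null" or d["assignment"] != "(not found)"
    if blocked or not (d["oid"] and d["resource"]):
        return None
    return " ".join(["az role assignment create", "--assignee-object-id", d["oid"],
                     "--role", shlex.quote(ROLE),
                     "--scope", shlex.quote(vault_scope(d["resource"]))])
```

After running the generated command, allow for the propagation delay the error message mentions before retrying the secret creation.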