Unusual Activity Detected: Full Deny Assignment for User

Aid 0 Reputation points
2025-03-03T20:46:48.22+00:00

A full deny assignment was detected on ********* for user ******** at the root level. The deny assignment was added at the scope / for user ***********. What could be the implications of this unusual activity?

Though I have marked my account (service administrator) as Safe in the Azure Identity protector, it's still saying that this root level full deny is inherited.


1 answer

  1. Sanoop M 1,245 Reputation points Microsoft External Staff
    2025-03-04T00:53:51.4933333+00:00

    Hello @Aid,

    Thank you for posting your query on Microsoft Q&A.

    Based on the error message, I understand that your user account has been added to a Deny Assignments list at the root level.

    Deny assignments block users from performing specific Azure resource actions even if a role assignment grants them access.

    Important

    You can't directly create your own deny assignments. Deny assignments are created and managed by Azure to protect resources.

    Prerequisites

    To get information about a deny assignment, you must have:

    • Microsoft.Authorization/denyAssignments/read permission, which is included in most Azure built-in roles.

    List deny assignments in the Azure portal

    Follow these steps to list deny assignments at the subscription or management group scope.

    1. In the Azure portal, open the selected scope, such as resource group or subscription.
    2. Select Access control (IAM).
    3. Select the Deny assignments tab (or select the View button on the View deny assignments tile). If there are any deny assignments at this scope or inherited to this scope, they'll be listed as shown in the screenshot below.

       [Screenshot: Access control (IAM) page and Deny assignments tab that lists deny assignments at the selected scope.]
    4. To display additional columns, select Edit Columns.

       [Screenshot: deny assignments columns pane that shows how to add columns to the list of deny assignments.]
    5. Add a checkmark to any of the enabled items and then select OK to display the selected columns.

    Delete deny assignments in the Azure portal

    1. Please make sure that you have a role with enough privileges, like Owner or User Access Administrator.

    2. Under the Deny assignments tab, select the affected user account and then delete or remove the affected user account from the Deny assignments list.

    For additional details, please refer to the below document for your reference.

    List Azure deny assignments - Azure RBAC | Microsoft Learn

    I hope the information provided above is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
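
To complement the portal steps in the answer above, this added example (not from the original thread or from Microsoft's documentation) triages a deny-assignment listing offline: given a principal's object ID and a scope, it reports which deny assignments apply there, whether each is inherited, and whether it denies all actions. The sample JSON is constructed to follow the shape of the ARM `denyAssignments` list response; the function names, IDs and assignment names are hypothetical, and group membership is not resolved.

```python
import json

# Constructed sample shaped like the ARM REST response of
# GET {scope}/providers/Microsoft.Authorization/denyAssignments (all IDs are made up).
SAMPLE = json.loads("""{"value": [
 {"properties": {"denyAssignmentName": "constructed-root-full-deny", "scope": "/",
   "doNotApplyToChildScopes": false, "isSystemProtected": true,
   "permissions": [{"actions": ["*"], "notActions": []}],
   "principals": [{"id": "11111111-1111-1111-1111-111111111111", "type": "User"}]}},
 {"properties": {"denyAssignmentName": "constructed-rg-lock",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-a",
   "doNotApplyToChildScopes": false, "isSystemProtected": true,
   "permissions": [{"actions": ["*/delete"], "notActions": []}],
   "principals": [{"id": "22222222-2222-2222-2222-222222222222", "type": "User"}]}},
 {"properties": {"denyAssignmentName": "constructed-root-only", "scope": "/",
   "doNotApplyToChildScopes": true, "isSystemProtected": false,
   "permissions": [{"actions": ["*"], "notActions": ["*/read"]}],
   "principals": [{"id": "11111111-1111-1111-1111-111111111111", "type": "User"}]}}
]}""")

def applies_to(assignment_scope, target_scope, no_children):
    """True if a deny assignment at assignment_scope is in effect at target_scope."""
    a, t = assignment_scope.rstrip("/").lower(), target_scope.rstrip("/").lower()
    if a == t:
        return True
    # Inheritance: the assignment scope must be a path-segment prefix of the target.
    return not no_children and t.startswith(a + "/")

def triage(listing, principal_id, target_scope):
    """Return deny assignments that hit principal_id at target_scope, with flags."""
    hits = []
    for item in listing.get("value", []):
        p = item["properties"]
        if not applies_to(p["scope"], target_scope, p.get("doNotApplyToChildScopes", False)):
            continue
        included = {x["id"] for x in p.get("principals", [])}
        excluded = {x["id"] for x in p.get("excludePrincipals", [])}
        if principal_id not in included or principal_id in excluded:
            continue
        # "Full deny" here means a wildcard action with no carve-outs in notActions.
        full = any("*" in perm.get("actions", []) and not perm.get("notActions")
                   for perm in p.get("permissions", []))
        hits.append({"name": p["denyAssignmentName"],
                     "inherited": p["scope"].rstrip("/").lower() != target_scope.rstrip("/").lower(),
                     "full_deny": full,
                     "system_protected": p.get("isSystemProtected", False)})
    return hits
```

Calling `triage(SAMPLE, "11111111-1111-1111-1111-111111111111", "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-a")` returns only the root-scope full deny, flagged as inherited and system-protected.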

