This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 4%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
I have the following error when creating a custom role:
with object id 26f83ad1-0683-493e-a0f1-fceSfc67332* does not have authorization to perform action Microsoft. Authorization/roleDefinitions/write over scope /providers/Microsoft.Authorization/roleDefinitions/subscription or the scope is invalid. If access was recently
cranted, please retrech vour credentials.
I am the owner of the portal and it does not allow me to create these roles even if they are basic roles like "Microsoft.Storage/*/read", it does not allow me to add them
Check your role access against one of the subscriptions.
https://learn.microsoft.com/en-us/azure/role-based-access-control/check-access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Hi @Juan Pablo Delgadillo Martinez
Thank you for posting this in Microsoft Q&A.
I understand that you are creating Azure custom roles but are encountering an authorization error.
To create Azure custom roles, you need either the Owner or User Access Administrator role.
As you mentioned, you are the owner of the portal. However, please ensure that your account has the necessary permissions to create custom roles.
Make sure you are attempting to create the role at the correct scope. The error message suggests that the scope you are using may be invalid or that you lack permissions for it.
https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal
If you are still encountering issues, please try creating the custom role using Azure PowerShell or Azure CLI instead of the Azure portal.
For your reference:
https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-powershell
https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-cli
Hope this helps. Do let us know if you any further queries.
Thanks,
Navya.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Hi @Juan Pablo Delgadillo Martinez
Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Hi @Navya
Just checking in to see if above information was helpful. If you have any further updates on this issue, please feel free to post back. If this answers your query, do click Accept Answer and Yes for was this answer helpful.