Share via

Getting an issue while creating an endpoint deployment

Wasim Khan 20 Reputation points
2025-03-03T18:12:07.07+00:00

Hey team,

I am getting an issue while creating deployment using python sdk in azure ml studio

but when I was doing it locally and registering the model it was working fine. issuewithmodeldownload

endpointissue

Azure Machine Learning
Azure Machine Learning
An Azure machine learning service for building and deploying models.
3,170 questions
0 comments
Accepted answer
  1. Prashanth Veeragoni 1,185 Reputation points Microsoft External Staff
    2025-03-04T02:06:11.1466667+00:00

    Hi Wasim Khan,

    Welcome to Microsoft Q&A forum. Thank you for posting your query.

    The error message ResourceOperationFailure: Startup task failed due to incorrect role assignments on resource.

    The error message indicates that the deployment process in Azure ML Studio is failing because the service does not have the necessary permissions to complete the operation.

    Your local deployment and model registration worked fine, which suggests that your local environment has the correct permissions, but your Azure environment does not.

    Possible Causes of the Issue:

    Missing Role Assignments:

    The Azure ML deployment requires proper RBAC (Role-Based Access Control) permissions.

    The identity (User or Managed Identity) used for deployment lacks required roles on the resource (e.g., Azure ML Workspace, Storage, or Compute).

    Wrong Authentication Method:

    If you're using a Service Principal, it must have permissions to access the required resources.

    If using a User Authentication (Key-based or Token-based), your user might not have deployment permissions.

    Incorrectly Configured Managed Identity:

    If using Azure ML Managed Identity, ensure it has access to:

    Azure ML Workspace

    Storage Account (to fetch model artifacts)

    Compute Resource (to start the container)

    We can fix the issue by following ways:

    Verify Role Assignments:

    Go to Azure ML Studio

    Navigate to Azure Machine Learning Studio → Workspace Settings → Access Control (IAM).

    Check your User/Service Principal Role:

    Ensure that the deployment identity has one of the following roles:

    Contributor (for full control)

    Owner (if you need higher privileges)

    Machine Learning Workspace Contributor (minimum required)

    Check Compute & Storage Permissions:

    Go to Azure Portal → Storage Account (linked to ML workspace).

    Assign at least Storage Blob Data Contributor role.

    Assign Permissions to Managed Identity (if using it):

    If using Managed Identity, grant it the required roles

    Go to "Azure ML Compute" → "Identity"

    Ensure it has a role like Contributor or ML Workspace Contributor.

    Verify Your Deployment Authentication in Python

    If using a Service Principal, authenticate correctly:

    from azure.identity import DefaultAzureCredential
from azure.ai.ml import MLClient

credential = DefaultAzureCredential()
ml_client = MLClient(credential, subscription_id, resource_group, workspace_name)

    Ensure that the Service Principal has the right role in Azure.

    Retry the Deployment

    After fixing the role assignments, retry your deployment using:

    ml_client.online_endpoints.begin_create_or_update(endpoint)

    Hope this helps. Do let us know if you any further queries.   

    ------------- 

    If this answers your query, do click Accept Answer and Yes for was this answer helpful.

    Thank you.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Wasim Khan 20 Reputation points
    2025-03-04T10:25:43.14+00:00

    Added the RBAC to the endpoints for the newly created blob storage resolved the issue.
    Thanks Prashanth

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.