Skip to content

TechDirectArchive

Hands-on IT, Cloud, Security, Veeam & DevOps

  • Home
  • About
  • Advertise With US
  • Reviews
  • Contact
  • Toggle search form

Fix Users must have at least permission on these subscriptions

Posted on 19/02/202624/06/2026 IT Expert By IT Expert No Comments on Fix Users must have at least permission on these subscriptions
  1. Home
  2. AWS/Azure/OpenShift
  3. Fix Users must have at least permission on these subscriptions
Azure subscription role assignment

In this article, we shall discuss “how to fix users must have at least permission on these subscriptions”. This error was prompted when onboarding M365, Azure and Entra ID to Veeam Data Cloud (VDC) as discussed here “A-Z on Veeam Data Cloud: Workload Enrollment and Onboarding“. Veeam Data Cloud is a fully managed SaaS platform for data resilience. It provides backup, recovery, and protection for cloud-native workloads without needing your own infrastructure. Please see how to fix Error 401 Permission denied for invalid PVE ticket.

VDC unifies management across multiple services via a single UI, leveraging Veeam’s core backup tech for security and scalability.

Please see How to uninstall GitLab Runner from your Windows device, how to create a Windows Server reference image using WDS, and how to move Azure Resources between Subscriptions.

Why was the error “Microsoft Authorisation/roleAssignments/write permission needed” prompted?

As you can see, “the error occurred because the current user account lacks the Microsoft.Authorisation/roleAssignments/write permission.

This authority is needed to protect Azure resources by assigning roles at the selected subscription scope.

This is common in Azure setups for delegated management, as it is for VDC. Where the managing tenant needs elevated permissions on the customer tenant’s subscription.

fix error

Furthermore, you can see that the client does not right authority

Role Assignment

To fix this, first, let us toggle the security defaults  (Azure Management for Azure Resources to enabled).

Note: Security defaults are pre-configured protections (free in all Entra ID tiers) that enforce MFA for all users/admins, block legacy authentication, and protect Azure portal access.

accept account to manage your system

Quick fix to you must have at least permission on these subscriptions

The permissions to assign were clearly spelt out in the error message above. Since this is my admin account.

I will assign the role of an “Owner” or, in your case, a “User Access Administrator” role on the target subscription. These include the required write permission.

To do this, navigate to the Azure Portal > Subscriptions > Access control (IAM) > Add role assignment as shown below.​

add role assignment

Select “Owner” under roles as shown below

owner

Ensure this role is assigned to the individual account.

To do this, we will have to select the users and click on save.

select members

These are the members with the needed rights as owners, and click Next.

members selected

Under the condition, ensure to select “Allow Users to assign all roles (highly privileged). This is okay for my lab environment. You can go with the recommended approach and click on Next.

highly previledge role

At the Review and Assign window, click on “Review and Assign”.

review and assign

We have successfully assigned the Owner role to the account. If you wish to verify with PowerShell as well, you can run the cmdlet below.

Get-AzRoleAssignment -SignInName your@email.com
role assignments

Now, you should be able to onboard the Azure Tenant into Veeam Data Cloud without issues.

default region

I hope you found this article on how to Fix Users must have at least permission on these subscriptions very useful. Please, feel free to leave a comment below.

5/5 - (1 vote)

Thank you for reading this post. Kindly share it with others.

  • Share on X (Opens in new window) X
  • Share on Reddit (Opens in new window) Reddit
  • Share on LinkedIn (Opens in new window) LinkedIn
  • Share on Facebook (Opens in new window) Facebook
  • Share on Pinterest (Opens in new window) Pinterest
  • Share on Tumblr (Opens in new window) Tumblr
  • Share on Telegram (Opens in new window) Telegram
  • Share on WhatsApp (Opens in new window) WhatsApp
  • Share on Mastodon (Opens in new window) Mastodon
  • Share on Bluesky (Opens in new window) Bluesky
  • Share on Threads (Opens in new window) Threads
  • Share on Nextdoor (Opens in new window) Nextdoor
AWS/Azure/OpenShift Tags:Azure, Azure access denied subscription error, Azure Active Directory, Azure AD Tenant, Azure IAM permission issue, Azure Management for Azure Resources, Azure role assignment required, Azure subscription user access troubleshooting, configure user permissions on Azure subscription, ensure users have required subscription permissions, Entra ID, Entra ID Tenant, fix insufficient privileges on subscription, fix role-based access control error Azure, fix subscription scope permission problem, how to assign subscription permissions Azure, resolve access control error in Azure portal, subscription authorization failure fix

Post navigation

Previous Post: How to fix Error 401 Permission denied for invalid PVE ticket
Next Post: Synchronize Apple Calendar on Windows with Outlook [Part 2]

Related Posts

  • Storage Explorer
    How to Install Azure Storage Explorer on Windows AWS/Azure/OpenShift
  • azure ADConnect
    Repair or Uninstall Azure AD Connect: Uninstall Azure AD Connect AWS/Azure/OpenShift
  • images
    AWS Network Adapter: Redhat to Citrix PV and AWS PV Driver AWS/Azure/OpenShift
  • Angular 1
    How to deploy an Angular App to AWS S3 AWS/Azure/OpenShift
  • Commvault Docker Images
    Pull and Push Commvault Images to Azure Container Registry AWS/Azure/OpenShift
  • EC2 Public IP
    How to Allocate, Associate, Disassociate and Release Elastic IP Address from an EC2 Instance AWS/Azure/OpenShift

More Related Articles

Storage Explorer How to Install Azure Storage Explorer on Windows AWS/Azure/OpenShift
azure ADConnect Repair or Uninstall Azure AD Connect: Uninstall Azure AD Connect AWS/Azure/OpenShift
images AWS Network Adapter: Redhat to Citrix PV and AWS PV Driver AWS/Azure/OpenShift
Angular 1 How to deploy an Angular App to AWS S3 AWS/Azure/OpenShift
Commvault Docker Images Pull and Push Commvault Images to Azure Container Registry AWS/Azure/OpenShift
EC2 Public IP How to Allocate, Associate, Disassociate and Release Elastic IP Address from an EC2 Instance AWS/Azure/OpenShift

Leave a Reply Cancel reply

You must be logged in to post a comment.

Microsoft MVP

VEEAMLEGEND

vexpert-badge-stars-5

Virtual Background

GoogleNews

Categories

veeaam100

Veeam Vanguard

  • image 81
    How to Deploy Dynamic Website to AWS EC2 AWS/Azure/OpenShift
  • mysqlhero
    How to reset MySQL Root password Oracle/MSSQL/MySQL
  • nicedisk les chatfield cropped 100734348 large
    How to create a bootable USB using Rufus on Windows Windows
  • google chrome logo 2
    Set Google as default: How to set a browser as default in Windows 10 Windows
  • UpdateOfficeOnlineServer 1
    Perform Office Online Server Update via Windows Updates Windows Server
  • image 75
    Useful Tutorial on CBackup Software Network | Monitoring
  • jooblejobs
    Find your dream job with Jooble JIRA|Confluence|Apps
  • images
    Lifecycle rules: Transition to Glacier still appears in s3 AWS/Azure/OpenShift

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,791 other subscribers
  • RSS - Posts
  • RSS - Comments
  • About
  • Authors
  • Write for us
  • Advertise with us
  • General Terms and Conditions
  • Privacy policy
  • Feedly
  • Telegram
  • Youtube
  • Facebook
  • Instagram
  • LinkedIn
  • Tumblr
  • Pinterest
  • Twitter
  • mastodon

Tags

Active Directory Azure Bitlocker Microsoft Windows PowerShell WDS Windows 10 Windows 11 Windows Deployment Services Windows Server 2016

Copyright © 2025 TechDirectArchive

Loading Comments...

You must be logged in to post a comment.