**CODE**: Forbidden
**MESSAGE**
The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes
for role assignments to become effective.
**RAW ERROR**
Caller is not authorized to perform action on resource. If role assignments, deny assignments or
role definitions were changed recently, please observe propagation time.
Caller: appid=guidId;oid=guidid;iss=https://sts.windows.net/guidid/ Action: 'Microsoft.KeyVault/vaults/secrets/setSecret/action'
**Resource**: '/subscriptions/subs_id/resourcegroups/networkwatcherrg/providers/microsoft.keyvault/vaults/vickyskeyvault001/secrets/productiondbpassword'
Assignment: (not found) DenyAssignmentId: null DecisionReason: null Vault: vickyskeyvault001;location=centralindia
即使我在 keyvault 上拥有所有者角色并且还订阅:
已经10多分钟了,消息还没传出:
留言:
The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.
在使用 Azure 密钥保管库时,如果用户或服务主体未分配与密钥保管库相关的角色,通常会发生此错误。
当我尝试使用 Owner 角色在 Azure Key Vault 中创建密钥时,我也遇到了同样的错误,如下所示:
要解决错误,请确保将 Key Vault 相关角色(例如 Key Vault 管理员)分配给用户或服务主体:
分配此角色后,警告消息就会消失,我可以在密钥保管库中成功创建密钥,如下所示: