In my Azure Bicep deployment, I am deploying on to a resource group (RG2) trying to refer Azure resources (eg: Service Bus) from another resource group (RG1) using the "scope" property.
eg:
name: resourceNames.storageAccountName
scope: resourceGroup(resourceNames.coreRG)
}
Whenever I am using scope, it gives me an error:
"The client 'xx@yyy.org' with object id 'xxx' does not have authorization to perform action 'Microsoft.Web/sites/read' over scope '/subscriptions/xxx/resourcegroups/yyyy/providers/Microsoft.Web/sites/zzzz' or the scope is invalid. If access was recently granted, please refresh your credentials."
However, if i remove the scope and deploy everything to the same resourcegroup (RG1) it works successfully.
I am trying it on my personal subscription to rule out any permissions issues. I have the following permission : Service Administrator : Has full access to all resources in the subscription
I even added "Contributor" to RG1 as an add-on but it did not help.
Any help will be appreciated.
I did have "Contributor" permissions on both Resource Groups.
As simple and silly as it seems, the issue was due to a wrong Resource Group name (missed out a suffix).
The error was not very helpful and I suppose its more inclined to this part of the error message: or the scope is invalid
Thanks all for your help !