Caller is not authorized to perform action on resource even though I have owner role on the Azure Key Vault and also subscription

**CODE**: Forbidden

The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes 
for role assignments to become effective.
Caller is not authorized to perform action on resource. If role assignments, deny assignments or 
role definitions were changed recently, please observe propagation time. 
Caller: appid=guidId;oid=guidid;iss= Action: 'Microsoft.KeyVault/vaults/secrets/setSecret/action' 
**Resource**: '/subscriptions/subs_id/resourcegroups/networkwatcherrg/providers/microsoft.keyvault/vaults/vickyskeyvault001/secrets/productiondbpassword' 
Assignment: (not found) DenyAssignmentId: null DecisionReason: null Vault: vickyskeyvault001;location=centralindia

Even though I have owner role on keyvault and also subscription:

enter image description here

It's been more than 10 minutes, the message didn't go:

enter image description here

Message: The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.


  • The error usually occurs if the user or service principal does not have key vault related roles assigned, while working with Azure key vaults.

    When I tried to create keys in Azure Key Vault with Owner role, I too got same error like this:

    enter image description here

    To resolve the error, make sure to assign key vault related roles like Key Vault Administrator to the user or service principal:

    enter image description here

    Once this role is assigned, the warning message gone and I'm able to create keys successfully in key vault like this:

    enter image description here