Share via

I am trying to cretae a static Web app, But it says I do not have the authorization to perform the action

Blessing Asuquo-Ekpo 20 Reputation points
2026-04-27T15:39:45.4966667+00:00

This is the error message "i am trying to create a static web app and this is the error I am getting, "The client with object id 'af791067-836c-43a3-b61e-6f670ed060a7' does not have authorization to perform action 'Microsoft.Web/staticsites/read' over scope '/subscriptions/XXXXXXXX9c84-4XXXXX23f/resourceGroups/XXXX-UDS-Trend-AnalysiXXXXXX5/providers/Microsoft.Web/staticsites/XXXXC-UDS-Trend-Analysis-Dashboard' or the scope is invalid. If access was recently granted, please refresh your credentials." please what can i do?"

edited PII information

Azure Static Web Apps
Azure Static Web Apps

An Azure service that provides streamlined full-stack web app development.

Answer accepted by question author

Praneeth Maddali 10,025 Reputation points Microsoft External Staff Moderator
2026-04-27T15:59:10.9866667+00:00

Hi @Blessing Asuquo-Ekpo

Thanks for reaching out and sharing the exact error message. This is a common Azure RBAC (Role-Based Access Control) issue. The account with object ID af791067-836c-43a3-b61e-6f670ed060a7 currently lacks the permissions needed to work with Azure Static Web Apps in that resource group

Quick Solution

The simplest and most reliable fix is to assign the Contributor role (or Website Contributor for more limited access) to your account at the resource group level:

  1. Go to the Azure Portal and navigate to your resource group
  2. In the left menu, select Access control (IAM).
  3. Click + Add > Add role assignment.
  4. Choose Contributor (recommended) or Website Contributor.
  5. On the Members tab, add your user account (or the service principal with the object ID shown in the error).
  6. Click Review + assign.

After the role is assigned, wait a minute or two (role changes can take a short while to propagate), then sign out and back into the Azure Portal (or run az account clear + az login if you're using the CLI). Try creating the Static Web App again.

Important tip: If the role was granted very recently, the error may persist until you refresh your session — that's why the message suggests refreshing your credentials.

Why This Happens

Creating or even validating a Static Web App requires Microsoft.Web/staticSites/* permissions (including the /read action mentioned in the error). The built-in Contributor and Website Contributor roles include these permissions.

reference

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/web-and-mobile

https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshooting?tabs=bicep
Quickstart: Create a Static Web App in the portal

https://learn.microsoft.com/en-us/azure/static-web-apps/get-started-portal?tabs=vanilla-javascript&pivots=github

If the answer is helpful,  Please do click "Accept the answer” and Yes, this can be beneficial to other community members.

If you have any other questions, let me know in the "comments" and I would be happy to help you

   

Was this answer helpful?

1 person found this answer helpful.
0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Blessing Asuquo-Ekpo 20 Reputation points
    2026-04-28T14:19:08.8+00:00

    Hello @Praneeth Maddali Yes it has.

    I was made a contributor and have successfully created the web app.

    Thankyou so much for the prompt response.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.