Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

AzureAD Access Import error DisallowedOperation

SureshPatike
Regular Contributor
Regular Contributor

We are on 24.3 and seeing this error from 04/26/2024 onwards and our AzureAD access import job keep failing with below error all of sudden. We remember AzureAD connector was not bringing subscriptions but its trying to pull now. In earlier versions, AzureAD access import was atleast completed for other objects eventhough any one of the ent type object pull is failed, but now i see no data coming to Saviynt as soon as access import fail with error. Is this behaviour changed from 24.3?

Let us know if you have any information or help to resolve below error. Our app reg has all permissions to pull access and accounts from azuread. Any thoughts appreciated.

ResponseStatusCode-400, Failed url-https://management.azure.com/subscriptions/<subscriptionid>/providers/Microsoft.Authorization/roleAs..., Error Message - {"error":{"code":"DisallowedOperation","message":"The current subscription type is not permitted to perform operations on any provider namespace. Please use a different subscription."}}

6 REPLIES 6

rushikeshvartak
All-Star
All-Star

What is job configuration for entitlement import? Provide screenshots 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

SureshPatike
Regular Contributor
Regular Contributor

Thank you for your response. Here is the job config of ent import. Is there way i can exclude only that specific subscriptionid which is causing above error while running import? 

 

SureshPatike_1-1714741504531.png

One more thing Found that errored subscriptionid showing as inactive in azure and i see this message when i try to open Access control (IAM)>>Role Assignments on azure portal.

"The current subscription does not allow you to perform any actions on Azure resources. Use a different subscription."

SureshPatike_2-1714741891515.png

But access import job should import rest all other data which used to happen in earlier versions but not now. 

Import access using Custom Access

https://docs.saviyntcloud.com/bundle/AzureAD-v24x/page/Content/Customizing-Entitlement-Import.htm

subscriptions can be imported all and can’t be filtered 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

SureshPatike
Regular Contributor
Regular Contributor

Any help or direction?

Using custom access config , I was able to exclude subscription type entitlements import completely from being access import process and access import process completed successfully for all other included ent types. Is there a way I can exclud only one subscription which is disabled with this custom access config?

s there a way I can exclude only one subscription which is disabled with this custom access config? - No


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.