AzureAD Access Import error DisallowedOperation

SureshPatike
Regular Contributor

We are on 24.3 and have been seeing this error from 04/26/2024 onwards; our AzureAD access import job keeps failing with the error below all of a sudden. We remember the AzureAD connector was not bringing in subscriptions, but it's trying to pull them now. In earlier versions, the AzureAD access import at least completed for other objects even though the pull of any one of the ent type objects failed, but now I see no data coming to Saviynt as soon as the access import fails with an error. Has this behaviour changed from 24.3?

Let us know if you have any information or help to resolve the error below. Our app reg has all permissions to pull access and accounts from AzureAD. Any thoughts appreciated.

ResponseStatusCode-400, Failed url-https://management.azure.com/subscriptions/<subscriptionid>/providers/Microsoft.Authorization/roleAs..., Error Message - {"error":{"code":"DisallowedOperation","message":"The current subscription type is not permitted to perform operations on any provider namespace. Please use a different subscription."}}

rushikeshvartak
All-Star

What is the job configuration for the entitlement import? Provide screenshots.


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

SureshPatike
Regular Contributor

Thank you for your response. Here is the job config of the ent import. Is there a way I can exclude only that specific subscription ID which is causing the above error while running the import?

 

SureshPatike_1-1714741504531.png

One more thing: I found that the errored subscription ID is showing as inactive in Azure, and I see this message when I try to open Access control (IAM) > Role Assignments on the Azure portal.

"The current subscription does not allow you to perform any actions on Azure resources. Use a different subscription."

SureshPatike_2-1714741891515.png

But the access import job should import all the other data, which used to happen in earlier versions but not now.

Import access using Custom Access

https://docs.saviyntcloud.com/bundle/AzureAD-v24x/page/Content/Customizing-Entitlement-Import.htm

Subscriptions are all imported and can't be filtered.


Regards,
Rushikesh Vartak

SureshPatike
Regular Contributor

Any help or direction?

Using the custom access config, I was able to exclude subscription type entitlements completely from the access import process, and the access import process completed successfully for all other included ent types. Is there a way I can exclude only one subscription which is disabled with this custom access config?

"Is there a way I can exclude only one subscription which is disabled with this custom access config?" - No


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.
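
The thread traces the failed import to one subscription that shows as inactive in Azure. As an added example (not from the thread or from Saviynt), this Python sketch parses a job error line in the format quoted above and cross-references the failing subscription ID against a subscription list to show its state. The sample error, the subscription IDs and names, and the list shape (`value[].subscriptionId`, `displayName`, `state`, as in the Azure Resource Manager subscriptions list response) are constructed assumptions.

```python
import json
import re

# Constructed error line in the shape quoted in the thread; the subscription ID is a placeholder.
SAMPLE_ERROR = (
    "ResponseStatusCode-400, Failed url-https://management.azure.com/subscriptions/"
    "00000000-0000-0000-0000-000000000001/providers/Microsoft.Authorization/roleAs..., "
    'Error Message - {"error":{"code":"DisallowedOperation","message":"The current '
    "subscription type is not permitted to perform operations on any provider "
    'namespace. Please use a different subscription."}}'
)
# Constructed subscription list (assumed shape: value[].subscriptionId/displayName/state).
SAMPLE_SUBSCRIPTIONS = {"value": [
    {"subscriptionId": "00000000-0000-0000-0000-000000000001",
     "displayName": "legacy-sandbox", "state": "Disabled"},
    {"subscriptionId": "00000000-0000-0000-0000-000000000002",
     "displayName": "prod", "state": "Enabled"},
]}

ERROR_RE = re.compile(
    r"ResponseStatusCode-(?P<status>\d+), Failed url-(?P<url>\S+), "
    r"Error Message - (?P<body>\{.*\})\s*$", re.S)
SUB_RE = re.compile(r"/subscriptions/([^/]+)/")

def parse_import_error(line):
    """Extract HTTP status, subscription ID and ARM error code from a job error line."""
    m = ERROR_RE.search(line)
    if not m:
        return None
    sub = SUB_RE.search(m.group("url"))
    try:
        code = json.loads(m.group("body"))["error"]["code"]
    except (ValueError, KeyError, TypeError):
        code = None  # body was truncated or is not the expected JSON
    return {"status": int(m.group("status")),
            "subscription_id": sub.group(1) if sub else None, "code": code}

def triage(line, subscriptions):
    """Attach the failing subscription's state so a non-Enabled one stands out."""
    err = parse_import_error(line)
    if err is None:
        return None
    by_id = {s["subscriptionId"].lower(): s for s in subscriptions.get("value", [])}
    sub = by_id.get((err["subscription_id"] or "").lower(), {})
    err["display_name"] = sub.get("displayName")
    err["state"] = sub.get("state", "Unknown")
    err["not_enabled"] = err["state"] not in ("Enabled", "Unknown")
    return err

if __name__ == "__main__":
    print(triage(SAMPLE_ERROR, SAMPLE_SUBSCRIPTIONS))
```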