The client does not have the authorization to perform action ‘Microsoft.Web/serverfarms/read’ over scope ‘/subscriptions/xxxxxxxx-xxxxxxx-xxxx/resourceGroups/xxxxxxxxxxx/providers/Microsoft.Web/serverfarms/xxxx’ or the scope is invalid. If access was recently granted, please refresh your credentials

This Azure error indicates that the user or service principal attempting to access the App Service Plan (serverfarms) lacks sufficient permissions at the specified scope. The error is common when permissions have not been granted or recently changed without refreshing credentials.

Why This Error Occurs

1. Insufficient Permissions: The user or service principal lacks the required permissions to read or manage the App Service Plan.
2. Incorrect Role Assignment Scope: The role assignment must be set at the correct level (e.g., subscription, resource group, or resource).
3. Stale Authentication Token: The authentication token may need refreshing if permissions were recently updated.
4. Service Principal Limitations: The service principal may not have the necessary roles or permissions at the resource or subscription level.

Troubleshooting Steps

1. Verify Required Role Permissions:

• To perform the Microsoft.Web/serverfarms/read action, the user or service principal needs at least Reader access to the resource.
• Common roles that grant this permission include:
  • Reader role (for read-only access).
  • Contributor role (for broader management permissions).
  • Web Plan Contributor role (specific to managing App Service Plans).
• Go to Azure Portal > Subscription > Access Control (IAM) > Role Assignments to view and verify role assignments.

2. Assign the Appropriate Role:

• If the user or service principal lacks the required role, assign it to the appropriate scope:
  Step1. Go to Azure Portal > Resource Group or Resource (App Service Plan).
  Step 2. Select Access Control (IAM) > Add role assignment.
  Step 3. Choose the role (e.g., Reader, Contributor, or Web Plan Contributor).
  Step 4. Assign it to the correct user, group, or service principal.
• If access at the subscription or resource group level is required, apply the role at that scope for broader permissions.

3. Check Role Scope and Hierarchy:

• Ensure the role assignment is applied at the correct hierarchy level:
  • Subscription: If managing multiple resources across the subscription.
  • Resource Group: If only managing resources within a specific resource group.
  • Resource: For permissions limited to the specific App Service Plan.
• Adjust the scope in Azure Portal > Access Control (IAM) > Role Assignments as needed.

4. Refresh Authentication Token:

• If permissions were recently updated, refresh your credentials to obtain a new token:
  • In Azure CLI, refresh your login:

• • In Azure PowerShell, re-authenticate by running:

5. Verify Service Principal Permissions (if applicable):

• If using a service principal, ensure it has the correct permissions and role assignments.
• Check the assigned role to ensure it covers the necessary scope and actions for serverfarms:

6. Confirm Subscription Access (if applicable):

• Sometimes, the error can arise due to issues with access to the overall subscription.
• Ensure that the user or service principal is associated with the correct subscription in Azure CLI:

Xieles team of experts helps you to resolve the authorization error and regain access to perform actions on Microsoft.Web/serverfarms resource.