The scenario
I have a new empty subscription, in it I create a new empty resource group and I add a user as owner to that resource group.
The permission definition of “owner” is {*}, full access to everything. I also added the user as “Reader” on subscription level.
The problem
When trying to add a new resource (in this case a DocutmentDB) to the resource group, I get an error saying.
“The subscription ************** doesn’t have permissions to register resource providers: Microsoft.DocumentDB.”
If I test the same thing with my global admin user, the problem is gone.
Same thing goes for other resources but not necessarily all of them. I found a clue when doing the deployment from visual studio.
11:39:13 - [ERROR] New-AzureRmResourceGroupDeployment : 11:39:13 - Resource Microsoft.Storage/stor
11:39:13 - [ERROR] ageAccounts '***************' failed with message '{
11:39:13 - [ERROR] "error": {
11:39:13 - [ERROR] "code": "MissingSubscriptionRegistration",
11:39:13 - [ERROR] "message": "The subscription is not registered to use namespace 'Microsoft.
11:39:13 - [ERROR] Storage'. See https://aka.ms/rps-not-found for how to register subscriptions."
11:39:13 - [ERROR] }
11:39:13 - [ERROR] }'
The solution
It turns out that the resources I was trying to deploy were never registered and the user didn’t have the right permissions to register the provider.
To see all the not registered “provider namespaces”, run the following command:
Get-AzureRmResourceProvider -ListAvailable | ? {
$_.RegistrationState -eq "NotRegistered"
} | select ProviderNamespace
To display the current status of one of the providers run:
Get-AzureRmResourceProvider -ProviderNamespace Microsoft.DocumentDB
To manually register one of the providers run the following command:
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.DocumentDB
Registration for 1st party providers typically take less than a minute to complete.
Knowing this also help me understand previous unexplained behaviors. Like one time I was unable to create an Azure Site Recovery plan because no VM’s had been deployed to the newly created subscription.
Of course I needed to register the Microsoft.compute provider fist. But at that time I solved it by simply creating and removing a compute resource. Which actually does the registration step in the background.
Hope this help someone out there.
Jon Jander @Meapax
