![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 60%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EUP%3C/text%3E%3C/svg%3E)
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
Urmila Purohit hi & thanks for posting this on q&a, ))
first off, u need to add 'microsoft.web/sites/functions/properties/write' permission to ur custom role. thats the magic sauce here )) the error message literally tells us this its missing that specific action. https://learn.microsoft.com/en-us/azure/azure-functions/functions-reference#permissions.
even if u have 'microsoft.web/sites/functions/write', it doesnt cover the properties/state change for disabling. azure permissions can be annoyingly specific like that )
quick test u can do right now assign the built-in 'website contributor' role temporarily to see if it works. if yes, then u know its just about tweaking ur custom role permissions.
always look at the exact error message when rbac fails. azure usually tells u which permission is missing, just gotta read it like a treasure map :))
check the scope where u assigned the custom role. sometimes people assign it at subscription level when it should be at resource group or function app level.
when creating custom roles in azure, its often easier to clone an existing built-in role and modify it rather than building from scratch. saves u from missing those sneaky permissions ))
even if u have full access at resource group level, individual resource permissions can override that. azure rbac is like an onion, lots of layers %)
here's another doc u might find useful about function app operations https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftweb.
let me know if adding that properties/write permission does the trick
Best regards,
Alex
and "yes" if you would follow me at Q&A - personaly thx.
P.S. If my answer help to you, please Accept my answer
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 24%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERJ%3C/text%3E%3C/svg%3E)