Cannot add azure_storage extension to Flexible PostgreSQL 15.13
I was working on the Azure Storage extension in Azure Database for PostgreSQL flexible server. I followed the steps described here:
https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/quickstart-azure-storage-extension
but got the error on
CREATE EXTENSION azure_storage;
ERROR: permission denied to alter restricted role 'azure_pg_admin'
PostgreSQL version: 15.13
Azure Database for PostgreSQL
-
Kalyani Kondavaradala • 1,015 Reputation points • Microsoft External Staff • Moderator
2025-08-27T11:11:29.16+00:00 Hi Talha Nasr,
Thanks for posting your query on Microsoft Q&A!
Azure Postgres Flexible Server is a managed environment, and certain roles like
azure_pg_admin
are considered restricted system roles. These roles are controlled by the platform itself and cannot be altered or granted privileges through user-issued SQL commands.- Ensure you're connected using the server administrator login (not a regular database user).
- Run:
SELECT current_user;
- This should match your admin account login.
- Check if the extension is available:
SELECT * FROM pg_available_extensions WHERE name = 'azure_storage';
- If its available, try to create the extension.
Please let us if you still getting same issue so that we can try guide possible ways.
Please refer these Microsoft documents for more details about extensions
- https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-configure-azure-storage-extension?tabs=portal-03%2Cportal-04%2Cportal-05%2Cportal-01%2Cportal-02
- https://learn.microsoft.com/en-us/azure/postgresql/extensions/concepts-extensions-versions
- https://learn.microsoft.com/en-us/azure/postgresql/extensions/errors-extensions
If the information resolved your issue, kindly consider Upvote it will help others who might be facing similar challenges.
Thanks,
Kalyani
-
Talha Nasr • 25 Reputation points
2025-08-27T11:48:41.6633333+00:00 I followed the steps and verified that I am using server administrator login but still getting same error.
-
Kalyani Kondavaradala • 1,015 Reputation points • Microsoft External Staff • Moderator
2025-08-27T15:53:08.0466667+00:00 Hi Talha Nasr,
Thank you for your response!As mentioned in this document https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-configure-azure-storage-extension?tabs=portal-03%2Cportal-04%2Cportal-05%2Cportal-01%2Cportal-02
Did you follow these as well?
You must follow these steps to be able to use the Azure Storage extension:
- Identify Azure Storage accounts
- Choose type of authorization
- Load the extension's library
- Allowlist the extension
- Create the extension
- Use the extension to import and export data
let us know the result after following above steps.
As I mentioned earlier, in Azure PostgreSQL flexible server, the azure_pg_admin role is a restricted role managed by the platform. It cannot be modified, and certain privileged operations are not allowed unless specific prerequisites are fulfilled.
Thanks!
Kalyani
-
Talha Nasr • 25 Reputation points
2025-08-27T16:06:22.5933333+00:00 yes, I have done the prerequisite steps mentioned in the docs here:
https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-configure-azure-storage-extension?tabs=portal-03%2Cportal-04%2Cportal-05%2Cportal-01%2Cportal-02majorly there was following two steps that was related to extension:
- Load the extension's library
- Allowlist the extension
and i will be using the shared key authorization method and for that I did those prerequisite steps.
-
Kalyani Kondavaradala • 1,015 Reputation points • Microsoft External Staff • Moderator
2025-08-27T17:25:20.9066667+00:00 Thanks, Talha Nasr, for your quick response! Can you please share the server parameters you’ve configured, so we can take a deeper look into the problem?
Thanks!
-
Talha Nasr • 25 Reputation points
2025-08-27T18:46:25.15+00:00 -
Kalyani Kondavaradala • 1,015 Reputation points • Microsoft External Staff • Moderator
2025-08-28T09:24:33.8666667+00:00 Thank you for sharing the server parameters, Talha Nasr. I can see that the required parameters such as azure.extensions are already configured. Could you please confirm if you have restarted the server after applying these parameter changes and then tested again?
You can restart the server using the below command:
az postgres flexible-server restart \ --resource-group <rg-name> \ --name <server-name>
If you are still facing the same issue even after the restart, please let me know. I will check with the internal team and get back to you with further updates.
Thank you for your patience!
Kalyani
-
Talha Nasr • 25 Reputation points
2025-08-28T09:30:02.4466667+00:00 @Kalyani Kondavaradala I have already restarted the server but still facing the issue.
-
Kalyani Kondavaradala • 1,015 Reputation points • Microsoft External Staff • Moderator
2025-08-28T09:44:25.87+00:00 Thanks for conformation @Talha Nasr , Could you please share the details requested in the private message so that we can review and assist further?
-
Espen Sandtveit (Webstep AS) • 0 Reputation points
2025-08-28T10:34:24.57+00:00 I have the same issue and i posted my question here
-
Kalyani Kondavaradala • 1,015 Reputation points • Microsoft External Staff • Moderator
2025-08-28T11:20:17.3566667+00:00 Hi Espen Sandtveit (Webstep AS),
can you please try running the below command and try to create the extension, if possible, share screenshot of the error if you are getting any and let me know if you still getting same issue or not.
GRANT azure_storage_admin TO <USER>;
Thanks!
-
Espen Sandtveit (Webstep AS) • 0 Reputation points
2025-08-28T12:09:43.4933333+00:00 GRANT azure_storage_admin TO ourAdminUser; -- output -- role "azure_storage_admin" does not exist
This create extension issue also exists for the azure_ai extension, but can create other extensions like vector extension.
We also tried to grant the "azure_ai_settings_manager" to ourAdminUser to create the azure_ai extension. This worked but the actual creating still fails.
Running:GRANT azure_ai_settings_manager TO ourAdminUser; -- output -- GRANT ROLE CREATE EXTENSION IF NOT EXISTS azure_ai; -- output -- permission denied to alter restricted role "azure_pg_admin"
-
Kalyani Kondavaradala • 1,015 Reputation points • Microsoft External Staff • Moderator
2025-08-28T12:24:03.1066667+00:00 Thanks for the update Espen Sandtveit (Webstep AS), Could you please share the details I requested via private message regarding the question you posted earlier today?
Sign in to comment