Error AtlasError Documentation and Resolution
Back to search

Key Vault

Azure Key Vault AccessDenied

You may be missing permissions in access policy to do that operation.

Azure Key Vault returned AccessDenied because the caller does not currently have sufficient permission to perform the requested operation. This most commonly happens when access policy or role assignments do not include the required secret, key, or certificate permissions.

AccessDeniedpolicy

Observed message

You may be missing permissions in access policy to do that operation.

Why it happens

  • The calling user, app, or managed identity does not have the required Key Vault permissions.
  • The vault is using the wrong permission model for the way access is being granted.
  • A recent change removed or narrowed access policy or RBAC rights.

How to fix it

  1. Check whether the vault uses access policies or Azure RBAC, then grant the exact permissions needed for the operation.
  2. If a managed identity or app is calling Key Vault, confirm that identity is the one actually receiving the permission assignment.
  3. Allow time for permission changes to propagate, then retry the operation.

Official reference

Common error codes for Azure Key Vault

Related errors

ConflictErrorAzure Key Vault ConflictErrorForbiddenByFirewallAzure Key Vault ForbiddenByFirewallResourceNotFoundAzure Key Vault ResourceNotFoundVaultAlreadyExistsAzure Key Vault VaultAlreadyExists

Explore more

policyBrowse more policy errors
Azure Key Vault AccessDenied: causes and fixes | Error Atlas