Unable to create project in Hub

satish velayudhan 0 Reputation points

Unable to create project in Hub with an error message restricted permission

0 comments No comments
Sign in to comment

2 answers

  1. SRILAKSHMI C 19,195 Reputation points Microsoft External Staff Moderator

    Hello @satish velayudhan,

    Thank you for reaching out regarding the issue with creating a project in the Hub.

    Based on the error message “restricted permission”, this behavior is typically observed when the required permissions or configurations are not fully in place at the Azure subscription or resource level.

    Since creating a project within a Hub (Azure AI Foundry) involves provisioning and accessing multiple dependent resources, access is required across several scopes.

    Recommended checks

    1. Verify Azure RBAC permissions Please ensure that your account has Contributor or Owner role assigned at the Resource Group or Subscription level.

    Additionally, the following permissions are required (directly or via role):

    • Microsoft.MachineLearningServices/workspaces/write
    • Microsoft.MachineLearningServices/workspaces/hubs/write
    • Microsoft.MachineLearningServices/workspaces/hubs/join/action
    • Microsoft.Storage/storageAccounts/write
    • Microsoft.KeyVault/vaults/write
    • Microsoft.CognitiveServices/accounts/write
    • Microsoft.Resources/deployments/validate/action

    2. Confirm resource provider registration Kindly verify that the following resource providers are registered in your subscription:

    1. Microsoft.MachineLearningServices
    2. Microsoft.Storage
    3. Microsoft.KeyVault
    4. Microsoft.CognitiveServices

    This can be checked from: Azure Portal → Subscription → Resource providers

    3. Review Azure Policy restrictions If there are Azure Policies applied at the subscription or resource group level, they may restrict resource creation.

    Please check:

    • Resource Group → Policies
    • Look for any deny assignments related to resource types, regions, or configurations

    In such cases, creating the Hub/project directly via the Azure Portal can help identify and comply with required policy constraints.

    4. Validate quota and region availability Please ensure that the required quota is available for dependent services (e.g., Cognitive Services, Storage). If needed, try deploying in an alternate region or subscription.

    5. Hub access permissions If you are trying to create a project in an existing Hub, please ensure you have permission to join the Hub:

    • Microsoft.MachineLearningServices/workspaces/hubs/join/action

    6. Review Activity Log for detailed error For more specific failure details:

    • Navigate to Azure Portal → Resource Group → Activity Log
    • Check for failed operations and review error codes such as:
    1. AuthorizationFailed
    2. RequestDisallowedByPolicy

    If a Hub is not already created, you may try allowing Azure AI Foundry to automatically create a default Hub (requires Contributor/Owner access). Once the Hub is created, project creation should proceed successfully.

    Please refer this

    How to create & manage a hub + project: https://learn.microsoft.com/azure/ai-studio/how-to/create-azure-ai-resource

    Required RBAC perms for hubs & projects: https://learn.microsoft.com/azure/ai-studio/concepts/ai-resources#roles

    Register resource providers: https://learn.microsoft.com/azure/ai-studio/concepts/architecture#azure-resource-providers

    I Hope this helps. Do let me know if you have any further queries.

    Thank you!

    1. SRILAKSHMI C 19,195 Reputation points Microsoft External Staff Moderator

      Hi @satish velayudhan,

      Following up to see if the above answer was helpful. If this answers your query, please do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

      Thank you!

    2. SRILAKSHMI C 19,195 Reputation points Microsoft External Staff Moderator

      Hi @satish velayudhan,

      Just checking in to see if you have got a chance to see my response to your question in resolving the issue.

      If you are still facing any further issues, please don't hesitate to reach out to us. We are happy to assist you.

      Looking forward to your response and appreciate your time on this.

      If you feel that your quires have been resolved, please accept the answer by clicking the "Upvote" and "Accept Answer" on the post.

      Thank you!

    Sign in to comment

  2. AI answer

    To create a project in a Microsoft Foundry (classic) hub, the account must have sufficient permissions on the underlying Azure resources. A “restricted permission” or similar error when creating a project typically indicates missing Contributor/Owner rights or insufficient access to the hub’s resource group or subscription.

    Troubleshoot and resolve as follows:

    1. Verify Azure role assignments
      • Ensure the user has Contributor or Owner role on at least the resource group where the hub and project will be created, or on the subscription.
      • If part of a team, ask the Azure administrator to grant these permissions or to create the hub/project on behalf of the user.
    2. Confirm access to the hub
      • If a hub already exists, confirm that the user has access to that hub’s resource group with at least Contributor permissions. Without this, project creation in that hub will fail with a permission-related error.
    3. Try creating the project from the Foundry portal
      • Sign in to Microsoft Foundry with the correct account.
      • Make sure New Foundry is toggled off (using Foundry (classic)).
      • If not in any project, select Create new (top right). If already in a project, select the project breadcrumb → Create new resource.
      • Select AI hub resourceNext.
      • Enter a project name.
      • Choose an existing hub from the dropdown, or select Create a new hub.
      • If creating a new hub, ensure the user has Owner or Contributor permissions on the selected resource group; otherwise, the creation will fail due to restricted permissions.
      • Select Create.
    4. If creating a new hub as part of the project
      • In the Create a project form, expand the hub customization panel.
      • Select a Resource group where the user has Contributor or Owner.
      • Select a Location.
      • Select Create a project.
      • If the error persists, have an administrator create the hub separately with the required configuration and then create the project in that hub.
    5. Validate using CLI or SDK (optional)
      • Use Azure CLI to confirm authentication and visibility of existing hubs: 
         az login
 az ml workspace list --resource-group <your-resource-group-name>
      • If listing workspaces (hubs) fails with a permission error, the user lacks required rights on that resource group or subscription.

    If, after these checks, the error still appears, the next step is for an Azure administrator to review the user’s role assignments on the subscription and resource group and ensure at least Contributor access is granted before attempting project creation again.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.
Sign in to answer

Your answer