Azure Pipelines "Pipeline does not have permissions to use protected resource"
Protected resources (service connections, environments, agent pools, variable groups, secure files) require a pipeline to be authorized before use. A new or renamed pipeline referencing one is blocked until an admin grants access.
What this error means
The run fails at the resource check noting the pipeline lacks permission to use the protected resource, sometimes with a button to request or grant access. The YAML is valid; the authorization is missing.
##[error]This pipeline does not have permissions to use the protected
resource 'azure-prod' (service connection). Grant access to continue.Common causes
Pipeline never authorized for the resource
Protected resources are not open to all pipelines by default. A first reference (or a reference after renaming the pipeline/resource) must be explicitly authorized.
Authorization scoped too narrowly
A resource can be restricted to specific pipelines. A pipeline outside that allow-list is denied even though the resource exists.
How to fix it
Authorize the pipeline on the resource
- Open the failed run; use the "Authorize" / "Permit" prompt for the named resource.
- Or in the resource's Security/Approvals settings, grant access to this pipeline.
- Re-run; the first reference to a new resource often needs this one-time grant.
Reference the resource by its exact name
Ensure the service connection / environment / pool name matches an authorized resource.
steps:
- task: AzureCLI@2
inputs:
azureSubscription: 'azure-prod' # exact authorized service connection name
scriptType: bash
scriptLocation: inlineScript
inlineScript: az account showHow to prevent it
- Authorize pipelines for protected resources when first wiring them.
- Keep resource names stable so renames do not drop authorization.
- Scope resource access deliberately to the pipelines that need it.