如果服务主体没有执行操作所需的权限或角色，则通常会发生此错误。
我注册了一个名为SriOctSP的Azure AD应用程序，并在下面添加了API权限：

当我在我的环境中运行你的代码时，我也得到了相同的错误，因为服务主体在订阅下没有任何角色：

Get_Token_Url = "https://login.microsoftonline.com/%7BtenantID%7D/oauth2/token"
payload = {
"client_id": "**",
"client_secret":"**",
"grant_type": "client_credentials",
"resource": "https://management.azure.com/"
}
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
response = requests.post(Get_Token_Url, headers=headers, data=payload)
df = json.loads(response.content)
Token = df\['access_token'\]

url = "https://management.azure.com/subscriptions/%7BsubscriptionID%7D/providers/Microsoft.Advisor/recommendations?api-version=2023-01-01"

headers = {
'Authorization': 'bearer ' + Token,
'Content-Type': 'application/json'
}
response = requests.post(url, headers=headers, data=payload)
df1 = json.loads(response.content)
df1

回复：

为了解决错误，我给订阅下的服务主体分配了**Reader**角色，如下所示：

当我将角色分配给服务主体后，用get请求运行下面修改后的代码时，成功得到响应，如下所示：

import requests
import json

Get_Token_Url = "https://login.microsoftonline.com/tenantId/oauth2/token"
payload = {
"client_id": "appId",
"client_secret":"secret",
"grant_type": "client_credentials",
"resource": "https://management.azure.com/"
}
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
response = requests.post(Get_Token_Url, headers=headers, data=payload)
df = json.loads(response.content)
Token = df['access_token']

url = "https://management.azure.com/subscriptions/sub_id/providers/Microsoft.Advisor/recommendations?api-version=2023-01-01"

headers = {
'Authorization': 'Bearer ' + Token,
'Content-Type': 'application/json'
}
response = requests.get(url, headers=headers)
df1 = json.loads(response.content)
print(df1)

回复：

参考：Permissions in Azure Advisor | Microsoft