Azure WebJob 运行时访问异常

网络作业运行时出现错误：

Microsoft.Azure.WebJobs.Host.FunctionInvocationException：执行函数时出现异常：Functions.Cleanup ---> Microsoft.Rest.Azure.CloudException：对象 ID 为“[Redacted]”的客户端“[Redacted]”没有授权在范围“/subscriptions/[Redacted]/resourceGroups/[Redacted]/providers/Microsoft.Web/sites/[Redacted]/config/publishingcredentials”上执行操作“Microsoft.Web/sites/config/list/action”。

这是LetsEncrypt 证书更新尝试；完整的堆栈报告如下。

我已经在这里和这里查看了文档，但恐怕我仍然不知所措。

我在这里Microsoft.Web/sites/config/list/action找到了提供者，但它没有列在可用角色中，也没有说明如何授予它访问权限：

/subscriptions/[Redacted]/resourceGroups/[Redacted]/providers/Microsoft.Web/sites/[Redacted]/config/publishingcredentials

在过去的一年里，一切都运行良好，但这只是在过去一个月左右开始出现故障。我有两个网站正在运行这项工作，但突然之间，两个网站都因类似错误而失败。

这可能与我最近决定将扩展程序的文件从 AppData 移出到网站上一级的文件夹中有关，正如在此处讨论的那样，但由于时间问题我无法确定。

如何添加必要的权限以让 WebJob 成功运行？

 1   {
 2     "Type": "FunctionCompleted",
 3     "EndTime": "2019-03-21T03:11:53.1829332+00:00",
 4     "Failure": {
 5       "ExceptionType": "Microsoft.Azure.WebJobs.Host.FunctionInvocationException",
 6       "ExceptionDetails": "Microsoft.Azure.WebJobs.Host.FunctionInvocationException: Exception while executing function: Functions.Cleanup ---> Microsoft.Rest.Azure.CloudException: The client '[Redacted]' with object id '[Redacted]' does not have authorization to perform action 'Microsoft.Web/sites/config/list/action' over scope '/subscriptions/[Redacted]/resourceGroups/[Redacted]/providers/Microsoft.Web/sites/[Redacted]/config/publishingcredentials'.
 7      at Microsoft.Azure.Management.WebSites.WebAppsOperations.<BeginListPublishingCredentialsWithHttpMessagesAsync>d__210.MoveNext()
 8   --- End of stack trace from previous location where exception was thrown ---
 9      at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
10      at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
11      at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.<BeginListPublishingCredentialsAsync>d__411.MoveNext()
12   --- End of stack trace from previous location where exception was thrown ---
13      at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
14      at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
15      at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.BeginListPublishingCredentials(IWebAppsOperations operations, String resourceGroupName, String name)
16      at LetsEncrypt.Azure.Core.KuduHelper.GetKuduClient(WebSiteManagementClient client, IAzureWebAppEnvironment settings) in D:\\a\\1\\s\\LetsEncrypt.SiteExtension.Core\\KuduHelper.cs:line 15
17      at LetsEncrypt.Azure.Core.Services.KuduFileSystemAuthorizationChallengeProvider..ctor(IAzureWebAppEnvironment azureEnvironment, IAuthorizationChallengeProviderConfig config) in D:\\a\\1\\s\\LetsEncrypt.SiteExtension.Core\\Services\\KuduFileSystemAuthorizationChallengeProvider.cs:line 22
18      at LetsEncrypt.Azure.Core.CertificateManager..ctor(AppSettingsAuthConfig config) in D:\\a\\1\\s\\LetsEncrypt.SiteExtension.Core\\CertificateManager.cs:line 31
19      at LetsEncrypt.SiteExtension.Functions.Cleanup(TimerInfo timerInfo) in D:\\a\\1\\s\\LetsEncrypt.SiteExtension.WebJob\\Functions.cs:line 73
20      at lambda_method(Closure , Functions , Object[] )
21      at Microsoft.Azure.WebJobs.Host.Executors.VoidMethodInvoker`1.InvokeAsync(TReflected instance, Object[] arguments)
22      at Microsoft.Azure.WebJobs.Host.Executors.FunctionInvoker`1.<InvokeAsync>d__8.MoveNext()
23   --- End of stack trace from previous location where exception was thrown ---
24      at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
25      at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
26      at Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.<InvokeAsync>d__22.MoveNext()
27   --- End of stack trace from previous location where exception was thrown ---
28      at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
29      at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
30      at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
31      at Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.<ExecuteWithWatchersAsync>d__21.MoveNext()
32   --- End of stack trace from previous location where exception was thrown ---
33      at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
34      at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
35      at Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.<ExecuteWithLoggingAsync>d__19.MoveNext()
36   --- End of stack trace from previous location where exception was thrown ---
37      at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
38      at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
39      at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
40      at Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.<ExecuteWithLoggingAsync>d__13.MoveNext()
41      --- End of inner exception stack trace ---
42      at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
43      at Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.<ExecuteWithLoggingAsync>d__13.MoveNext()
44   --- End of stack trace from previous location where exception was thrown ---
45      at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
46      at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
47      at Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.<TryExecuteAsync>d__10.MoveNext()"
48     },
49     "ParameterLogs": {},
50     "FunctionInstanceId": "[Redacted]",
51     "Function": {
52       "Id": "LetsEncrypt.SiteExtension.Functions.Cleanup",
53       "FullName": "LetsEncrypt.SiteExtension.Functions.Cleanup",
54       "ShortName": "Functions.Cleanup",
55       "Parameters": [
56         {
57           "Name": "timerInfo",
58           "DisplayHints": {
59             "Description": "Timer executed on schedule (Daily: 1 occurrences)"
60           }
61         }
62       ]
63     },
64     "Arguments": {
65       "timerInfo": "2019-03-21T03:11:49.9071967+00:00"
66     },
67     "Reason": "AutomaticTrigger",
68     "ReasonDetails": "Timer fired at 2019-03-21T03:11:48.8550732+00:00",
69     "StartTime": "2019-03-21T03:11:48.8550732+00:00",
70     "OutputBlob": {
71       "ContainerName": "azure-webjobs-hosts",
72       "BlobName": "output-logs/[Redacted].txt"
73     },
74     "ParameterLogBlob": {
75       "ContainerName": "azure-webjobs-hosts",
76       "BlobName": "output-logs/[Redacted].params.txt"
77     },
78     "HostInstanceId": "[Redacted]",
79     "HostDisplayName": "LetsEncrypt.SiteExtension.WebJob",
80     "SharedQueueName": "azure-webjobs-host-le-[Redacted]",
81     "InstanceQueueName": "azure-webjobs-host-[Redacted]",
82     "Heartbeat": {
83       "SharedContainerName": "azure-webjobs-hosts",
84       "SharedDirectoryName": "heartbeats/le-[Redacted]",
85       "InstanceBlobName": "[Redacted]",
86       "ExpirationInSeconds": 45
87     },
88     "WebJobRunIdentifier": {
89       "WebSiteName": "[Redacted]",
90       "JobType": "Continuous",
91       "JobName": "letsencrypt.siteextension.job",
92       "RunId": ""
93     }
94   }