Azure Keyvault - "Operation "list" is not allowed by vault policy" but all permissions are checked

I had the same issue and the solution was to get to my vault's Access Policies blade, then click on my application and activate List on Key permissions / Secret permissions.


After ages of trying to sort this issue, the problem was in the access policies code. When a user is registered in the code, it associates itself with the app ID. The app ID is the problem, as it thinks that the user is an application AND a user.

The tell-tale sign of this is if you go into the portal, then "Access Policy" on a Key Vault, and it'll say "Application + User" underneath. If you try and add a user (that is already on the list), it will add the second user, so you'll have 2 of the same.

So all that's needed is to:

    var accessPolicy = new AccessPolicyEntry
    {
        // Setting ApplicationId makes this a compound "Application + User" entry,
        // which only applies when the user signs in through that application.
        ApplicationId = app, // Delete this line
        ObjectId = Obid,
        PermissionsRawJsonString = "{ \"keys\": [ \"all\" ], \"secrets\": [ \"all\" ], \"certificates\": [ \"all\" ] }",
        TenantId = ten,
    };

    return accessPolicy;

The Microsoft documentation can be vague at times and I believe this is one of them.


Got the error:

The operation "List" is not enabled in this key vault's access policy.

You are unauthorized to view these contents.

The key here was to look at "You are unauthorized to view these contents."

Navigate to Access policies and add your currently logged in user as principal with at least List privilege.
You can now view secrets if there are any.
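The two answers above point at three things to check when the error persists even though the permissions look right: an entry for the user that also carries an application ID (shown as "Application + User" in the portal, and only honoured when the user signs in through that application), a duplicated entry for the same user, and a plain-user entry that simply lacks List. The script below is an added example, not code from either answer or from Microsoft: it audits an access-policy array for one principal and reports each of those conditions. The sample data is constructed; the field names (`objectId`, `applicationId`, `permissions.keys`/`secrets`/`certificates`) are assumed to follow the shape of `properties.accessPolicies` in `az keyvault show` output.

```python
import json

# Constructed sample, shaped like the `properties.accessPolicies` array that
# `az keyvault show` returns (assumption: ARM Key Vault field names).
# The first two entries reproduce the situation described above: the same user
# appears once with an applicationId ("Application + User") and once as a plain user.
SAMPLE_ACCESS_POLICIES = json.loads("""
[
  {"tenantId": "00000000-0000-0000-0000-00000000aaaa",
   "objectId": "11111111-1111-1111-1111-111111111111",
   "applicationId": "22222222-2222-2222-2222-222222222222",
   "permissions": {"keys": ["all"], "secrets": ["all"], "certificates": ["all"]}},
  {"tenantId": "00000000-0000-0000-0000-00000000aaaa",
   "objectId": "11111111-1111-1111-1111-111111111111",
   "applicationId": null,
   "permissions": {"keys": ["get"], "secrets": ["get"], "certificates": []}},
  {"tenantId": "00000000-0000-0000-0000-00000000aaaa",
   "objectId": "33333333-3333-3333-3333-333333333333",
   "applicationId": null,
   "permissions": {"keys": [], "secrets": ["get", "list"], "certificates": []}}
]
""")

CATEGORIES = ("keys", "secrets", "certificates")


def effective_permissions(policy, category):
    """Lower-cased permission set for one category. The vault treats 'all' as a
    wildcard, so it is expanded to the operations this audit checks for."""
    raw = (policy.get("permissions") or {}).get(category) or []
    perms = {p.lower() for p in raw}
    if "all" in perms:
        perms |= {"get", "list"}
    return perms


def audit_principal(policies, object_id):
    """Explain why a principal may still hit 'Operation "list" is not allowed'.

    Returns a dict with:
      found                   any entry exists for this objectId
      compound_entries        entries that also carry an applicationId; these only
                              apply when the user signs in through that application
      duplicate_plain_entries the plain (no applicationId) entry appears more than once
      missing_list            categories where no plain entry grants 'list'
    """
    mine = [p for p in policies
            if (p.get("objectId") or "").lower() == object_id.lower()]
    plain = [p for p in mine if not p.get("applicationId")]
    compound = [p for p in mine if p.get("applicationId")]
    missing = [c for c in CATEGORIES
               if not any("list" in effective_permissions(p, c) for p in plain)]
    return {
        "found": bool(mine),
        "compound_entries": len(compound),
        "duplicate_plain_entries": len(plain) > 1,
        "missing_list": missing,
    }


if __name__ == "__main__":
    # Constructed object IDs; substitute the signed-in user's objectId from
    # `az ad signed-in-user show` when running against a real vault.
    for user in ("11111111-1111-1111-1111-111111111111",
                 "33333333-3333-3333-3333-333333333333"):
        print(user, json.dumps(audit_principal(SAMPLE_ACCESS_POLICIES, user)))
```

For the first sample user the audit reports one compound entry and no List in any category on the plain entry, which is exactly the combination that makes the portal say the permission is set while the vault still refuses the operation for an interactive login.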