Toolkit AuthorizationError: Don't have correct access rights to clean spaces

All `AuthorizationError`s will be related to the Service Principal that you have assigned in the devops pipeline. The variable is named `IDP_CLIENT_ID` along with its secret `IDP_CLIENT_SECRET`. That Service Principal MUST be a member of the Entra/Azure group that is linked to the CDF group `cognite-toolkit-service-principal`

Thanks ​@Ben Petree for comment here.

One question - CDF Group `cognite-toolkit-service-principal` is this by default created in each CDF project or you are suggesting create one with necessary capabilities.

If we have to create that group what are the minimum capabilities required to succeed in the operation. 
From the error it seems only “DataModelsAcl” Read is missing in the current setup. Adding that should solve the problem, correct ?

​@Khilesh Sahu There is a small bug in that error message, it should say ‘deploy’ not ‘clean’, I will fix this. Otherwise, it tells you what access you need, i.e., READ capability of type DataModelsAcl scoped to All. 

​@Neerajkumar Bhatewara It depends on which resources you want to govern with Toolkit. If you only want to use Toolkit for data models, then it is sufficient with the DataModelsAcl capability with READ+WRITE. If you want to govern all resources that Toolkit supports, you can use the `cdf auth verify` command. This will see what capabilities you have and suggest which ones to add given that you set up the `cognite-toolkit-service-principal` group with the minimum capabilities (Project + Group), see the quick setup guide in the docs.