Reputation: 1416
So I have a data factory which calls an Azure function which reads blob storage.
I don't understand why I am getting this error: "This request is not authorized to perform this operation". Is it a problem with the data factory, Azure storage, or the Azure function?
I have also added service principals to Storage Blob Data Contributor, without any success.
What permission should I add in Storage Explorer on this specific folder?
{
  "name": "TPFunction",
  "instanceId": "4ef6513ebfc6bb",
  "runtimeStatus": "Failed",
  "input": {
    "environment": "dev",
    "DateToProcess": "2013-04-08",
    "SourceStorageType": "AdlsGen2",
    "SourceAccountName": "storage06",
    "SourceBlobContainer": "data",
    "SourceFilePath": "file/file/file"
  },
  "customStatus": null,
  "output": "Orchestratorfunction 'TPFunction' failed: Following error occurred during execution: The activity function 'TPFunction' failed: \"Error occurred getting list of files: This request is not authorized to perform this operation using this permission.\nRequestId:7b5e-e4a603\nTime:2013-04-08:02:27.0924606Z\r\nStatus: 403 (This request is not authorized to perform this operation using this permission.)\r\nErrorCode: AuthorizationPermissionMismatch\r\n\r\nHeaders:\r\nServer: Windows-Azure-HDFS/1.0,Microsoft-HTTPAPI/2.0\r\nx-ms-error-code: AuthorizationPermissionMismatch\r\nx-ms-request-id: 7b5e-e4a603\r\nx-ms-version: 2019-07-07\r\nx-ms-client-request-id: e7357b5e-e4a603cc52\r\r\nContent-Length: 227\r\nContent-Type: application/json; charset=utf-8\r\n\". See the function execution logs for additional details.",
  "createdTime": "2021-01-04T19:02:24Z",
  "lastUpdatedTime": "2021-01-04T19:02:27Z"
}
Upvotes: 7
Views: 44193
Reputation: 14080
I post here the major situations of '403 forbidden', and also post related methods to solve them.
First situation: we didn't give the access permission to the function app.
Solution:
If you want to access the storage blob data, you need to give the related service the 'Storage Blob Data Contributor' RBAC role.
Second situation: the storage has been protected by a firewall.
Solution:
1. First way: add the outbound IP of the web app to the whitelist of the storage.
2. Second way: create a virtual network on Azure.
Then add the network to the firewall setting of the storage:
Upvotes: 10
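An added example, not part of the question or the answer above and not Azure's own code: a small triage script that reads the orchestrator status JSON from the question, extracts the storage error code, and maps it to the answer's two situations. The `TRIAGE` mapping and the function name are assumptions of this example (in particular, that `AuthorizationFailure` is the code usually seen when storage network rules block the caller), and the sample payload is constructed from the question's output.

```python
import json
import re

# Assumed mapping from storage error code to the answer's two situations.
TRIAGE = {
    "AuthorizationPermissionMismatch": (
        "rbac",
        "Caller authenticated but lacks data permission: verify which identity the "
        "function uses, the scope of its 'Storage Blob Data Contributor' role, and folder ACLs.",
    ),
    "AuthorizationFailure": (
        "network",
        "Commonly seen when the storage firewall blocks the caller: check the "
        "allowed outbound IPs and virtual network rules.",
    ),
}

# Constructed sample, trimmed from the payload in the question.
SAMPLE_OUTPUT = (
    "The activity function 'TPFunction' failed: \"Error occurred getting list of files: "
    "This request is not authorized to perform this operation using this permission.\n"
    "RequestId:7b5e-e4a603\r\nStatus: 403 (...)\r\n"
    "ErrorCode: AuthorizationPermissionMismatch\r\n\r\nHeaders:\r\n"
    "x-ms-error-code: AuthorizationPermissionMismatch\r\n"
    "x-ms-request-id: 7b5e-e4a603\r\n\""
)
SAMPLE_STATUS = json.dumps(
    {"name": "TPFunction", "runtimeStatus": "Failed", "output": SAMPLE_OUTPUT}
)

def triage(status_json: str) -> dict:
    """Parse an orchestrator status document and classify the storage 403."""
    output = json.loads(status_json).get("output") or ""  # output is null unless failed
    status = re.search(r"Status:\s*(\d{3})", output)
    code = re.search(r"ErrorCode:\s*(\w+)", output)
    req = re.search(r"x-ms-request-id:\s*([\w-]+)", output)
    result = {
        "http_status": int(status.group(1)) if status else None,
        "error_code": code.group(1) if code else None,
        "request_id": req.group(1) if req else None,  # quote this in support tickets
    }
    result["cause"], result["advice"] = TRIAGE.get(
        result["error_code"], ("unknown", "Error code not covered by this mapping.")
    )
    return result

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_STATUS), indent=2))
```
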