Reputation: 75
To list containers in my storage account, I used Postman Rest API by generating tokens using this endpoint:
POST: https://login.microsoftonline.com/tenantID/oauth2/token
&client_id = redacted
&grant_type = client_credentials
&resource = https://storage.azure.com
&client_secret = redacted
With this token I queried the list of containers like this:
GET https://storageaccname.blob.core.windows.net/?comp=list
Authorization : Bearer redacted
x-ms-version : 2017-11-09
But I got stuck at this error. I tried many ways to get rid of it, but no use :(
<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>AuthorizationPermissionMismatch</Code>
<Message>This request is not authorized to perform this operation using this permission.
RequestId:
Time:2022-08-15T08:12:24.9827677Z</Message>
</Error>
I tried assigning API permissions to Azure Storage and did the same process, but still got the same error.
Upvotes: 5
Views: 13285
Reputation: 22307
I tried to reproduce the same in my environment and got the below results:
I generated an access token with the same token endpoint (v1.0) and got the same error while running the query like below:
GET https://storageaccname.blob.core.windows.net/?comp=list
Response:
To resolve the error, assign the Storage Blob Data Contributor role to your Service Principal like below:
Go to Azure Portal -> Storage Accounts -> Your Storage Account -> Access Control (IAM) -> Add role assignment
If the error still persists, make use of the v2.0 token endpoint to generate an access token:
POST https://login.microsoftonline.com/Tenant_ID/oauth2/v2.0/token
Response:
Using the above generated token, I got the list of containers in my storage account successfully like below:
Upvotes: 6
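As an added example (not code from the question or the answer), this sketch builds the client-credentials request for either token endpoint and triages the Blob service error by looking at the token's `aud` claim and the returned `<Code>`. The function names, the unsigned sample token and the trimmed error body are constructed for illustration.

```python
import base64, json
import xml.etree.ElementTree as ET

STORAGE_AUDIENCES = ("https://storage.azure.com", "https://storage.azure.com/")

def token_request(tenant_id, client_id, client_secret, v2=False):
    """Build the client-credentials request for the v1.0 or v2.0 endpoint."""
    form = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    base = f"https://login.microsoftonline.com/{tenant_id}/oauth2"
    if v2:
        # v2.0 takes a scope; '/.default' asks for the app's configured permissions.
        form["scope"] = "https://storage.azure.com/.default"
        return base + "/v2.0/token", form
    form["resource"] = "https://storage.azure.com"  # v1.0 takes a resource
    return base + "/token", form

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def storage_error_code(xml_text):
    """Return the <Code> value from a Blob service error body."""
    return ET.fromstring(xml_text.strip().encode("utf-8")).findtext("Code")

def diagnose(xml_text, token):
    code, aud = storage_error_code(xml_text), jwt_claims(token).get("aud")
    if aud not in STORAGE_AUDIENCES:
        return f"wrong audience {aud!r}: request the token for https://storage.azure.com"
    if code == "AuthorizationPermissionMismatch":
        return ("token is for Storage, but the principal has no data-plane role: "
                "add a Storage Blob Data role assignment under Access Control (IAM)")
    return f"unhandled error code {code!r}"

def fake_token(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    def seg(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'none'})}.{seg(claims)}.sig"

# Constructed sample, trimmed from the error body in the question.
SAMPLE_ERROR = """<?xml version="1.0" encoding="utf-8"?>
<Error><Code>AuthorizationPermissionMismatch</Code>
<Message>This request is not authorized to perform this operation using this permission.</Message></Error>"""

if __name__ == "__main__":
    print(token_request("TENANT_ID", "CLIENT_ID", "SECRET", v2=True))
    print(diagnose(SAMPLE_ERROR, fake_token({"aud": "https://storage.azure.com"})))
```

If the service principal only needs to list or read, Storage Blob Data Reader is the narrower built-in role to assign instead of Contributor.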