Reputation: 1
Azure Java SDK getBlobsByTags gives AuthorizationPermissionMismatch Error
Using Azure Java SDK, We are trying to access Blob Storage entries from Azure Storage Account. We only want to Read the blob storage message. We don't have any requirement to write to it.
Our application has Storage Blob Data Reader access and Reader and Data Access.
blobclient = new BlobServiceClientBuilder().endpoint("<endpoint>").credential(<valid credential>).buildClient();
System.out.println ("After getting blobclient");
blobcontainer = blobclient.getBlobContainerClient("<container name>");
System.out.println ("Got blob container");
PagedIterable<TaggedBlobItem> list = blobcontainer.findBlobsByTags("<valid query format>");
System.out.println ("After findblobbytags");
for (TaggedBlobItem blobItem : list) {
System.out.println ("Inside for loop. Got blobItem");
System.out.println("Blob name: " + blobItem.getName());
}
It is printing until findblobbytags. But at the for loop, get this error -
<Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
RequestId:31679602-001e-00a0-4812-bd6c51000000
Time:2024-06-12T21:52:11.3001653Z</Message></Error>
I did read links about having role with this Azure RBAC action: Microsoft.Storage/storageAccounts/blobServices/containers/blobs/filter/action - to be able to do the filter action.
Is that the only cause? My doubt occurs because the findBlobsByTags method isn't failing with the error whereas, the iteration in loop is failing.
Any inputs would help! Thanks.
Upvotes: 0
Views: 85
Answers (1)
Reputation: 10520
Azure Java SDK getBlobsByTags gives AuthorizationPermissionMismatch Error
According to this MS-Document,
You need Storage Blob Data Owner with data action of Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read to read the blob from Azure blob storage.
In my environment, after assigning the above RBAC role with data action and below code executed successfully.
Code:
String endpoint = "https://venkat123.blob.core.windows.net/";
String containerName = "test";
BlobContainerClient blobContainerClient = new BlobServiceClientBuilder()
.endpoint(endpoint)
.credential(new DefaultAzureCredentialBuilder().build())
.buildClient()
.getBlobContainerClient(containerName);
PagedIterable<TaggedBlobItem> findBlobsByTags = blobContainerClient.findBlobsByTags("\"createdby\"='venkat'");{
System.out.println ("After findblobbytags");
for (TaggedBlobItem blobItem : findBlobsByTags) {
System.out.println ("Inside for loop. Got blobItem");
System.out.println("Blob name: " + blobItem.getName());
Output:
After findblobbytags
Inside for loop. Got blobItem
Blob name: sample-20240624-1429.txt
Inside for loop. Got blobItem
Blob name: testblob.txt
Reference:
BlobServiceClient Class | Microsoft Learn
Upvotes: 0
Related Questions
- Generating SAS URL for Azure Blob Container with Proper Permissions
- com.databricks.sql.cloudfiles.errors.CloudFilesException: Failed to create an Event Grid subscription
- Azure Blob Storage "Authorization Permission Mismatch" error with azd auth login and DefaultAzureCredential()
- RBAC Role for writing/editing EventGrid System Topic Subscriptions?
- Azure Storage Account : Blob service (SAS) Connectivity Check FAILED
- PowerShell Azure Function: list Storage A/c blobs = unauthorised
- Create User delegation key from azure portal
- Unable to programmatically get the keys for Azure Storage Account
- Valid Azure Storage URI returning not found
- Some question of "Cloud endpoint creation failed"