
An Azure Storage Account is created with Data Lake Storage via Terraform, and the permissions below exist for the user. But the user keeps getting a Forbidden error while performing Storage Browser > Manage ACL > Access Permissions Tab.

Error: [screenshot]

RBAC permissions of the user on the storage account: [screenshot]


Answers


  1. Chosen as BEST ANSWER

    It seems the issue was a missing private endpoint for the DFS sub-resource:

    From the Azure Documentation:

    If you create a private endpoint for the Data Lake Storage Gen2 storage resource, then you should also create one for the Blob Storage resource. That's because operations that target the Data Lake Storage Gen2 endpoint might be redirected to the Blob endpoint. Similarly, if you add a private endpoint for Blob Storage only, and not for Data Lake Storage Gen2, some operations (such as Manage ACL, Create Directory, Delete Directory, etc.) will fail since the Gen2 APIs require a DFS private endpoint. By creating a private endpoint for both resources, you ensure that all operations can complete successfully.

    So creating a private endpoint for DFS fixed the ACL issue.


  2. The error "Forbidden" usually occurs if your user doesn't have sufficient permissions or access is blocked by a firewall.

    As your user already has the required roles, you can check the configuration settings of your storage account in the Networking tab to see whether public access is enabled or not.

    I have one Data Lake storage account where public access is disabled, like below:

    [screenshot]

    When I tried to perform the same action as you with a user having the proper roles, I got the same error saying Forbidden, like below:

    Go to Azure Portal -> Storage Account -> Storage Browser -> Container -> Manage ACL -> Access Permissions Tab

    [screenshot]

    To resolve the error, you can either enable public access or add the user's IP under Firewall to allow access, if you prefer selected virtual networks and IP addresses.

    In my case, I enabled public access in my Data Lake storage account like below:

    [screenshot]

    When I tried to perform the same action again after enabling public access, the user could manage ACLs successfully, like below:

    Go to Azure Portal -> Storage Account -> Storage Browser -> Container -> Manage ACL -> Access Permissions Tab

    [screenshot]

    In your case, check the configuration settings in the Networking tab of your storage account and modify the settings accordingly to resolve the error.

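The two answers above describe two different network-layer causes of the same 403: a missing private endpoint for the `dfs` sub-resource (accepted answer) and a storage firewall that does not admit the caller (second answer). The Terraform below is an added example, not the original poster's configuration, that covers both: it provisions an ADLS Gen2 account (`is_hns_enabled = true`), a private endpoint and private DNS zone for each of the `blob` and `dfs` sub-resources, and a `network_rules` block that keeps `default_action = "Deny"` while allow-listing one administrator IP instead of opening public access entirely. All names, address ranges and the admin IP (`203.0.113.10`, from the TEST-NET-3 documentation range) are placeholders, and the example assumes the `azurerm` provider 3.x. RBAC is unchanged by any of this; setting POSIX ACLs still needs a data-plane role such as Storage Blob Data Owner on top of the network path.

```hcl
# Added example (not the original poster's Terraform). Placeholders: names,
# CIDRs, location and the admin IP. Assumes azurerm provider 3.x.

resource "azurerm_resource_group" "rg" {
  name     = "rg-adls-example" # placeholder
  location = "westeurope"      # placeholder
}

resource "azurerm_virtual_network" "vnet" {
  name                = "vnet-adls-example"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.10.0.0/16"]
}

resource "azurerm_subnet" "pe" {
  name                 = "snet-private-endpoints"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.10.1.0/24"]
}

resource "azurerm_storage_account" "adls" {
  name                     = "stadlsexample001" # placeholder, must be globally unique
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = azurerm_resource_group.rg.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  is_hns_enabled           = true # Data Lake Storage Gen2 (hierarchical namespace)

  # Second answer's point, done narrowly: instead of enabling public access for
  # everyone, keep Deny as the default and allow-list the operator's IP so the
  # portal's Storage Browser (which calls the DFS API from the browser) gets in.
  # Drop ip_rules once every operator path reaches the VNet over VPN/ExpressRoute.
  public_network_access_enabled = true
  network_rules {
    default_action = "Deny"
    bypass         = ["AzureServices"]
    ip_rules       = ["203.0.113.10"] # placeholder admin IP (TEST-NET-3)
  }
}

# One private DNS zone per sub-resource so both FQDNs resolve to the private
# endpoint IPs from inside the VNet.
locals {
  subresources = {
    blob = "privatelink.blob.core.windows.net"
    dfs  = "privatelink.dfs.core.windows.net"
  }
}

resource "azurerm_private_dns_zone" "zone" {
  for_each            = local.subresources
  name                = each.value
  resource_group_name = azurerm_resource_group.rg.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "link" {
  for_each              = local.subresources
  name                  = "link-${each.key}"
  resource_group_name   = azurerm_resource_group.rg.name
  private_dns_zone_name = azurerm_private_dns_zone.zone[each.key].name
  virtual_network_id    = azurerm_virtual_network.vnet.id
}

# Accepted answer's fix: a private endpoint for "dfs" as well as "blob".
# Manage ACL and directory create/delete are Gen2 (dfs) API calls, so with only
# a blob endpoint they fail with Forbidden even when RBAC is correct.
resource "azurerm_private_endpoint" "pe" {
  for_each            = local.subresources
  name                = "pe-${azurerm_storage_account.adls.name}-${each.key}"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  subnet_id           = azurerm_subnet.pe.id

  private_service_connection {
    name                           = "psc-${each.key}"
    private_connection_resource_id = azurerm_storage_account.adls.id
    subresource_names              = [each.key] # "blob" and "dfs"
    is_manual_connection           = false
  }

  private_dns_zone_group {
    name                 = "dns-${each.key}"
    private_dns_zone_ids = [azurerm_private_dns_zone.zone[each.key].id]
  }
}
```

After `terraform apply`, a quick check from a VM inside the VNet is `nslookup <account>.dfs.core.windows.net`: it should return a 10.10.1.x address from the private endpoint subnet, not a public IP. If the dfs name still resolves publicly, the DNS zone link is the usual culprit. Keep in mind that the Azure portal's Storage Browser issues the DFS calls from your browser, so the browser's own egress IP (or a VPN/ExpressRoute route into the VNet) must be admitted by the firewall; a correct private endpoint alone does not help a client that never reaches the VNet.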