An Azure Storage Account is created with DataLake Storage via Terraform. And Below permissions exist for the user. But User keep getting error while performing Storage Browser > Manage ACL > Access Permissions Tab > Forbidden
Error:
RBAC Permissions of User on SA:
2
Answers
It seems the issue was missing private endpoint for the DFS type sub-resource:
From the Azure Documentation:
So creating a private endpoint for DFS fixed the ACL issue.
The error "Forbidden" usually occurs if your user doesn’t have sufficient permissions or the access is blocked by a firewall.
As your user already has required roles, you can check the configuration settings of your storage account in
Networkingtab whether public access is enabled or not.I have one Datalake storage account where public access is disabled like below:
When I tried to perform same action as you with user having proper roles, I got same error saying
Forbiddenlike below:Go to Azure Portal -> Storage Account -> Storage Browser -> Container -> Manage ACL -> Access Permissions Tab
To resolve the error, you can either enable public access or add user’s IP under Firewall to allow access, if you prefer selected virtual networks and IP addresses.
In my case, I enabled public access in my Datalake storage account like below:
When I tried to perform the same action again after enabling public access, user can manage ACL successfully like below:
Go to Azure Portal -> Storage Account -> Storage Browser -> Container -> Manage ACL -> Access Permissions Tab
In your case, check configuration settings in
Networkingtab of your storage account and modify the settings accordingly to resolve the error.