Storage Explorer in the portal does not work for a user that is RBAC'd for Reader on the account, and Storage Blob Data Contributor on a container. The storage account shows in the explorer but when I expand it I get this error:
"Error responseJSON: {"error":{"code":"AuthorizationFailed","message":"The client 'demo_1@xxxxxxx.onmicrosoft.com' with object id 'xxxxxxxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/xxxxxxxxxxx/resourceGroups/rg-az-203/providers/Microsoft.Storage/storageAccounts/storaz203' or the scope is invalid. If access was recently granted, please refresh your credentials."}} status: 403"
Storage Explorer Desktop DOES WORK as expected for the user.
I have no issues with the portal Storage Explorer when signed in as Global Administrator.
The Global Admin account is a Microsoft account. The account I'm having trouble with is an Azure AD account. The Azure AD Tenent is the Free level.
[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question.] Source: MSDN