Storage Explorer in the portal does not work for a user that is RBAC'd for Reader on the account, and Storage Blob Data Contributor on a container. The storage account shows in the explorer but when I expand it I get this error:
"Error responseJSON: {"error":{"code":"AuthorizationFailed","message":"The client 'demo_1@xxxxxxx.onmicrosoft.com' with object id 'xxxxxxxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/xxxxxxxxxxx/resourceGroups/rg-az-203/providers/Microsoft.Storage/storageAccounts/storaz203' or the scope is invalid. If access was recently granted, please refresh your credentials."}} status: 403"
Storage Explorer Desktop DOES WORK as expected for the user.
I have no issues with the portal Storage Explorer when signed in as Global Administrator.
The Global Admin account is a Microsoft account. The account I'm having trouble with is an Azure AD account. The Azure AD Tenent is the Free level.
[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question.] Source: MSDN
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 74%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAJ%3C/text%3E%3C/svg%3E)