Share via

AuthorizationPermissionMismatch while uploading files to blob container using Azure File Copy task in Azure DevOps

Murarisetty Yamuna 120 Reputation points
2024-10-04T12:44:52.5633333+00:00

When using Azure File Copy task version 1 in Azure DevOps, the task completes successfully. However, when switching to version 6, I encounter the following error: Upload to container 'scripts' in storage account 'rtyui56sa' with blob prefix '' failed with error: 'AzCopy.exe exited with non-zero exit code while uploading files to blob storage.'

Roles assigned: Contributor at Resource group scope.

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,220 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,920 questions
0 comments
Accepted answer
  1. Vinodh247 22,951 Reputation points MVP
    2024-10-04T14:06:56.5266667+00:00

    Hi Murarisetty Yamuna,

    Thanks for reaching out to Microsoft Q&A.

    The error you're encountering, AuthorizationPermissionMismatch, indicates that the identity used by your Azure DevOps pipeline lacks the necessary permissions to upload files to Azure Blob Storage using the Azure File Copy task version 6.

    Understandng the Issue

    • Version Differences: Azure File Copy task version 1 and version 6 handle authentication differently. Version 1 typically uses storage account keys, while version 6 uses Azure Active Directory (Azure AD) for authentication.
    • Permissions Required: While the "Contributor" role at the resource group level grants broad permissions, it does not include data plane operations on Azure Storage. Specifically, it doesn't allow read/write access to the blobs within the storage account when using Azure AD authentication.

    Why Version 1 Works and Version 6 dont?

    • Version 1: Likely uses the storage account key for authentication, bypassing the need for additional Azure AD data permissions.
    • Version 6: Uses Azure AD authentication and requires specific data permissions on the storage account to perform upload operations.

    Probably solution to try:

    Assign the "Storage Blob Data Contributor" Role

    To fix the permission mismatch, you need to assign the "Storage Blob Data Contributor" role to the service principal or managed identity used by your Azure DevOps pipeline. This role grants the necessary permissions for data plane operations on blobs within the storage account.Why Version 1 Works and Version 6 Doesn't

    • Version 1: Likely uses the storage account key for authentication, bypassing the need for additional Azure AD data permissions.
    • Version 6: Uses Azure AD authentication and requires specific data permissions on the storage account to perform upload operations.

    Solution

    Assign the "Storage Blob Data Contributor" Role

    To fix the permission mismatch, you need to assign the "Storage Blob Data Contributor" role to the service principal or managed identity used by your Azure DevOps pipeline. This role grants the necessary permissions for data plane operations on blobs within the storage account.

    Basically, the AuthorizationPermissionMismatch error occurs because the identity used lacks the required data plane permissions on the storage account when using Azure AD authentication with Azure File Copy task version 6. By assigning the "Storage Blob Data Contributor" role to the identity at the storage account level, you grant it the necessary permissions to upload files, resolving the error.

    Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.