Issue with Azure RAG Solution: "Operation returned an invalid status 'Forbidden'"

Fiyarlin Sharone J 0 Reputation points
2024-11-26T06:33:07.16+00:00

Hi, I followed all the instructions in the Azure RAG Solution tutorial and referred to the corresponding sample code on GitHub to implement the solution.

I configured all the keys as specified in the documentation. Here’s an example of my configuration:

AZURE_SEARCH_SERVICE = "https://
Azure Storage
Azure Storage
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,537 questions
Azure AI Search
Azure AI Search
An Azure search service with built-in artificial intelligence capabilities that enrich information to help identify and explore relevant content at scale.
1,350 questions
Azure OpenAI Service
Azure OpenAI Service
An Azure service that provides access to OpenAI’s GPT-3 models with enterprise capabilities.
4,092 questions
Azure AI services
Azure AI services
A group of Azure services, SDKs, and APIs designed to make apps more intelligent, engaging, and discoverable.
3,619 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Andriy Bilous 11,821 Reputation points MVP Volunteer Moderator
    2024-11-26T21:27:35.2966667+00:00

    Hello Fiyarlin Sharone J

    Ensure that Managed Identity is enabled and it has the appropriate role assignments. You can verify this in the Azure portal under the Identity settings.

    For pipeline and query execution, this tutorial uses Microsoft Entra ID for authentication and roles for authorization.

    Both you and the search service need permissions on Azure OpenAI.

    Sign in to the Azure portal and find your search service.

    Configure Azure AI Search to use a system-managed identity.

    Find your Azure OpenAI resource.

    Select Access control (IAM) on the left menu.

    Select Add role assignment.

    Select Cognitive Services OpenAI User.

    Select Managed identity and then select Members. Find the system-managed identity for your search service in the dropdown list.

    Next, select User, group, or service principal and then select Members. Search for your user account and then select it from the dropdown list.

    Make sure you have two security principals assigned to the role.

    Select Review and Assign to create the role assignments.

    For access to models on Azure AI Vision, assign Cognitive Services OpenAI User. For Azure AI Foundry, assign Azure AI Developer.

    https://learn.microsoft.com/en-us/azure/search/tutorial-rag-build-solution-models#configure-search-engine-access-to-azure-models


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.