Unable to create the directory/folder manually in the Azure Storage container using azure portal

Question

Error:

Failed to add directory
Failed to add directory 'testdirectory'. Error: AuthorizationFailure: This request is not authorized to perform this operation.

The storage account in enabled with Virtual network enabled and no public access.

I have the contributor access on the resource group level, also added myself as Storage Blob Data Owner to the storage account.

I'm able to create the container manually but unable to create the folder/directory inside it.

Even the Hierarchical namespace is enabled:

Answer 1

Hi Rajoli Hari Krishna - Thanks for reaching out.

From the snippet you have shared, the account in question appears to be a HNS account which should allow creation of folder/sub-directory.

Can you confirm if you have any kind of Private endpoints configured on the storage account? if yes, can you attempt to remove that and then test this again. This shall help with the isolation as it appears to be more likely related to Network configuration.

Answer 2

Hello Rajoli Hari Krishna,

Greetings! Welcome to Microsoft Q&A Platform.

I understand that you are trying to create a file/folder inside the container and getting error: AuthorizationFailure: This request is not authorized to perform this operation as it typically indicates a permissions or network configuration issue.

Please consider checking the below following factors to resolve the issue,

Enabling "Allow trusted Microsoft services to access this storage account" allows you to access storage account and ensure that the Storage Blob Data Owner role is correctly assigned to your user account. Sometimes, it might take a few minutes for the role assignments to propagate.

Verify that your client IP address or the virtual network is included in the storage account’s firewall settings. If the storage account is restricted to specific networks, make sure your network is allowed. As a troubleshooting step, you can temporarily allow access from all networks to see if the issue persists. This can help identify if the problem is related to network restrictions, refer artilce.

Mostly, this error can occur when the storage account is firewall enabled and your client IP/vnet is not whitelisted from where you are trying to access Storage container.

Reference post for more details: https://learn.microsoft.com/en-us/answers/questions/1166011/getting-a-403-error-when-connecting-to-a-blob-cont?orderby=helpful

Explained about the issue, how 403 error is occurred https://learn.microsoft.com/en-us/rest/api/storageservices/blob-service-error-codes

Also to create a directory in a container, you need to have the write permission on the container. You can check the permission of the container by using the following command:

Get-AzStorageContainerAcl -Container <container-name> -Context <context>

If you don't have the write permission, you can update the container's permission by using the following command:

Set-AzStorageContainerAcl -Container <container-name> -Permission write -Context <context>

If the issue persists, you can try creating the directory using Azure CLI or Azure Storage Explorer to see if it's a permission issue or an issue with the tool you are using. You can also check if there are any quotas or limits that might be preventing you from creating directories.

Hope this information helps! please let us know if you have any further queries. I’m happy to assist you further.

---

Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.