Data factory linked service to storage account | UAM

Pankaj Joshi 411 Reputation points
2022-12-06T15:20:31.247+00:00

I am trying to create a linked service from ADF to a storage account using a user-assigned managed identity, but the connection is failing with a forbidden error (403), although I have given the Storage Account Contributor role to the user managed identity.

However, when I do it with a system-assigned managed identity, the connection is successful.

Why is it failing with the user-assigned managed identity?

Azure Databricks

An Apache Spark-based analytics platform optimized for Azure.

Azure Role-based access control

An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.

Azure Data Factory

An Azure service for ingesting, preparing, and transforming data at scale.

Azure Policy

An Azure service that is used to implement corporate governance and standards at scale for Azure resources.

1 answer

  1. PRADEEPCHEEKATLA 91,866 Reputation points
    2022-12-07T08:57:29.437+00:00

    Hello @Anonymous,

    Thanks for the question and for using the MS Q&A platform.

    To resolve the issue, make sure you have assigned proper permissions on the Storage account.

    • As source: In Storage Explorer, grant at least Execute permission for ALL upstream folders and the file system, along with Read permission for the files to copy. Alternatively, in Access control (IAM), grant at least the Storage Blob Data Reader role.
    • As sink: In Storage Explorer, grant at least Execute permission for ALL upstream folders and the file system, along with Write permission for the sink folder. Alternatively, in Access control (IAM), grant at least the Storage Blob Data Contributor role.

    As per the repro, I had created a User Assigned Managed Identity named chepraUAMI.

    Error: When I tried to access the storage account without permissions:

    [Screenshot]

    Make sure you have Storage Blob Data Contributor permission on the User Assigned Managed Identity.

    [Screenshot]

    Success: After granting the permissions, I was able to connect successfully via the User Assigned Managed Identity.

    [Screenshot]

    For more details, refer to ADF - User-assigned managed identity authentication and Support for user-assigned managed identity in Azure Data Factory.

    Hope this will help. Please let us know if you have any further queries.

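The role check the answer describes, as an added example that is not part of the original question or answer: given role assignments in the shape of `az role assignment list --all --assignee <principalId> -o json`, it reports whether the identity holds a blob data role that the storage account inherits for use as source or sink. The subscription ID, resource names, principal ID and function names are constructed, and only the Access control (IAM) path is checked, not Storage Explorer permissions.

```python
# Built-in roles that grant blob data access; the answer names Reader and Contributor.
DATA_READ = {"Storage Blob Data Reader", "Storage Blob Data Contributor", "Storage Blob Data Owner"}
DATA_WRITE = {"Storage Blob Data Contributor", "Storage Blob Data Owner"}

def covers(scope, resource_id):
    """True if a role assigned at `scope` is inherited by `resource_id`."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")

def check_access(assignments, principal_id, storage_id, usage):
    """usage is 'source' or 'sink'. Returns (ok, roles_in_scope, note)."""
    if usage not in ("source", "sink"):
        raise ValueError("usage must be 'source' or 'sink'")
    needed = DATA_READ if usage == "source" else DATA_WRITE
    roles = sorted({a["roleDefinitionName"] for a in assignments
                    if a["principalId"] == principal_id and covers(a["scope"], storage_id)})
    granted = [r for r in roles if r in needed]
    if granted:
        return True, roles, "blob data role present: " + ", ".join(granted)
    if roles:
        return False, roles, "no blob data role for " + usage + "; matches the 403 in the question"
    return False, roles, "no role assignment in scope"

# Constructed sample data (placeholder IDs and names, not from the page).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-demo"
STORAGE_ID = RG + "/providers/Microsoft.Storage/storageAccounts/stdemo"
UAMI = "11111111-1111-1111-1111-111111111111"

# Before: only the role from the question, assigned on the account itself.
BEFORE = [
    {"principalId": UAMI, "roleDefinitionName": "Storage Account Contributor", "scope": STORAGE_ID},
]
# After: a data role added at resource-group scope, inherited by the account.
AFTER = BEFORE + [
    {"principalId": UAMI, "roleDefinitionName": "Storage Blob Data Reader", "scope": RG},
]

if __name__ == "__main__":
    for label, data in (("before", BEFORE), ("after", AFTER)):
        for usage in ("source", "sink"):
            print(label, usage, check_access(data, UAMI, STORAGE_ID, usage))
```
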