File uploading error - from Azure blob storage to Azure Fileshare using azure.storage.fileshare. Error Message - ResourceNotFoundError: This request is not authorized to perform this operation.

Dev, Surya 20 Reputation points
2023-08-16T13:10:06.94+00:00

I am getting below mentioned error while moving Files from Azure Blob storage (Source Storage account) to the Azure FileShare location (Target Storage account) using azure-storage-file-share 12.13.0. In this File movement Source and destination storage accounts are different.

Error Message -

ResourceNotFoundError: This request is not authorized to perform this operation. RequestId:19abd852-b01a-004f-3c40-d0f4d7000000 Time:2023-08-16T12:52:11.6187680Z ErrorCode:CannotVerifyCopySource Content: <?xml version="1.0" encoding="utf-8"?><Error><Code>CannotVerifyCopySource</Code><Message>This request is not authorized to perform this operation. RequestId:19abd852-b01a-004f-3c40-d0f4d7000000 Time:2023-08-16T12:52:11.6187680Z</Message></Error>

I have following access to perform this action while i was performing this action.

Source Storage account -> Storage Blob Data Contributor

Target Storage account -> Reader and Data Access

Sample code:

pip install azure-storage-file-share

from azure.storage.fileshare import ShareClient

sourceAdlsStrageaccount = "XXX"
sourceDirectory = "XXX"
sourceFileName = "XXX"

fileShareConnectionString="XXX"
fileshareName = "XXX"
fileShareFileDirectory = "XXX"

source_url = "https://{}.blob.core.windows.net/{}/{}".format(
    sourceAdlsStrageaccount,
    sourceDirectory,
    sourceFileName
)

sasToken = "XXX"
share = ShareClient.from_connection_string(fileShareConnectionString, fileshareName)
destination_file = share.get_file_client(fileShareFileDirectory)
destination_file.start_copy_from_url(source_url+"?"+sasToken)
Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,286 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,167 questions
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,921 questions
{count} votes

Accepted answer
  1. Ramya Harinarthini_MSFT 5,351 Reputation points Microsoft Employee
    2023-08-22T08:00:16.61+00:00

    Hi Dev, Surya

    1. The machine where Python code is running needs to be able to access the source account.
    2. The machine running Python code needs to be able to access the destination account.
    3. As long as the above conditions are met, then the account-to-account copy will work (with no other firewall and network config). Effectively it will use the IP address of the client machine to authorize the source to destination traffic. I.e., it will securely work, without you needing to tell one storage account about the other.

    When you have enabled selected network and IP address on the Storage account the source machine where you are trying the copy operation should have access to both source and destination storage account.

    From the source storage account side, you have to allow the destination storage virtual network and source machine's public ip in the Firewall if it is on-prem machine or if you are running the python code on any Azure VM then you need to allow that VNET/subnet where the VM is deployed.

    From the destination storage account side, you have to allow the source storage virtual network and subnet and source machine's publicIP in the Firewall if it is on-prem machine or if you are running the python code on any Azure VM then you need to allow that VNET/subnet where the VM is deployed.

    Kindly let us know if you still have more questions on this. I wish to engage with you offline for a closer look and provide a quick and specialized assistance, please send an email with subject line “Attn:subm” to AzCommunity[at]Microsoft[dot]com referencing this thread and the Azure subscription ID, I will follow-up with you.  

    Once again, apologies for any inconvenience with this issue.

    Thanks for your patience and co-operation.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.