This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 28.999999999999996%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
The app service has a storage contributor role in blob storage, it is throwing AuthorizationPermissionMismatch exception
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 57.99999999999999%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
Hi Anem, Kishan Kasyap •
Just checking in to see if the below answer helped. If you have any further query do let us know. I wish to engage with you offline for a closer look and provide a quick and specialized assistance, please send an email with subject line “Attn:subm” to AzCommunity[at]Microsoft[dot]com referencing this thread and the Azure subscription ID, I will follow-up with you. Once again, apologies for any inconvenience with this issue.
Thanks for your patience and co-operation.
Storage Contributor Role can't help as I think
Roles starting with 'Storage Blob Data' should be assigned. 'Storage Blob Data Contributor' should help !
--please don't forget to upvote and Accept as answer if the reply is helpful--
app service has Storage Blob Data Contributor
Storage Blob Data Contributor doesn't have permission to update index tags. we've given a role
Defender for Storage Data Scanner.
then it is started working. Thanks for the help.
App service has Storage Blob Data Contributor.
Is it possible to send more details like a screenshot with full error message
This request is not authorized to perform this operation using this permission.Status: 403 (This request is not authorized to perform this operation using this permission.)ErrorCode: AuthorizationPermissionMismatch
Content:<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.</Message></Error>
Let's assign Storage Queue Data Contributor role also and see if it helps !
Ok, sure
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 31%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
I have a similar issue, which I reported here : https://stackoverflow.com/questions/77095628/azure-durable-function-403-and-409-errors-when-writing-internally-to-blob-queu
It seems like the "Storage XXX Data Contributor" roles (Storage queue, Storage Blob and Storage Table) are not enough, maye just in some corner cases.
Those 3 roles are the ones suggested by the documentation, as seen here : https://learn.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-configure-durable-functions-with-credentials
But do they have sufficient access to, for example, create a new queue? What about when there's no queue yet (at all)? Is there some kind of preliminary creation task required, which needs more permissions? Something's not right.