How to fix 403 User configuration issue in the Data flow activity?

Kalakota, Pardhasaradhi R /C 0 Reputation points
2023-09-14T16:38:08.7066667+00:00

I have created linked services for Blob storage to read the data from and Azure SQL Db to write the data in ADF for Production instance with user assigned managed identity authentication to enhance the security by assigning 'Storage Blob Data Contributor', Storage Blob Data Reader' and 'SQL DB Contributor' roles to this particular user managed identity. The test connections were also successful.

Afterwards, when I start testing the pipelines, I have been facing with the below error.

  • This request is not authorized to perform this operation.', 403
  • 1. For source: In Storage Explorer, grant the MI/SP at least Execute permission for ALL upstream folders and the file system, along with Read permission for the files to copy. Alternatively, in Access control (IAM), grant the MI/SP at least the Storage Blob Data Reader role. 2. For sink: In Storage Explorer, grant the MI/SP at least Execute permission for ALL upstream folders and the file system, along with Write permission for the sink folder. Alternatively, in Access control (IAM), grant the MI/SP at least the Storage Blob Data Contributor role. Also please ensure that the network firewall settings in the storage account are configured correctly as turning on firewall rules for you. Since I already assigned roles and also checkmarked 'Allow Azure services on the trusted services list to access this storage account' in the storage account firewall, I am not sure why it is throwing this error particulary at the Data flow activity in debug mode. Surprisingly, copy data activity is working fine in the Blob storage itself.

Please suggest on how to resolve this error.

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,982 questions
Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
11,010 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Amira Bedhiafi 27,436 Reputation points
    2023-09-15T09:58:49.7133333+00:00

    You error is related to permissions, but you've stated that the appropriate permissions have already been set. Sometimes, there is a delay in propagating IAM permissions. Ensure that you've waited a few minutes after assigning the roles before trying the operation again.

    Azure Blob Storage has a hierarchical structure, and sometimes permissions at higher levels don't trickle down to lower levels as expected. Explicitly grant permissions to the folder or blob in question to make sure that isn't the issue.

    0 comments No comments

  2. Mehul Patel 0 Reputation points
    2024-06-05T22:44:33.61+00:00

    I have the same issue but doesn't resolve with above answer. any other suggestion?

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.