Fail to create azure synapse link for dataverse in Power Apps

Toms Ng 25 Reputation points
2024-03-20T02:47:27.71+00:00

Hi Experts,

This is Toms.

I tried a few of times but I still failed to create azure synapse link for dataverse through Power Apps. The error message is
{"code":"AuthorizationFailed","message":"The client 'XXX' has an authorization with ABAC condition that is not fulfilled to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/xxx-xxx-xxx/resourceGroups/xxxxx/providers/Microsoft.Storage/storageAccounts/esdeventcapture/providers/Microsoft.Authorization/roleAssignments/or scope is invalid. If access was recently granted, please refresh your credentials."}

I got 'Contributor' role in resource group

I got 'Contributor', 'Owner' & 'Storage Blob Data Contributor' in storage account

Please help

Many thanks

Toms

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,316 questions
0 comments No comments
{count} votes

Accepted answer
  1. PRADEEPCHEEKATLA-MSFT 76,281 Reputation points Microsoft Employee
    2024-04-05T03:51:42.2366667+00:00

    @Toms Ng - I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to accept the answer .

    Ask: Fail to create azure synapse link for dataverse in Power Apps

    Solution: The synapse link for dataverse has been created.

    Here is the Service Request #: 2403280060000490

    After we changed the condition of tkpng@hku.hk to 'Add', waited for a while and tried again, the synapse link for dataverse has been created successfully.

    User's image

    If I missed anything please let me know and I'd be happy to add it to my answer, or feel free to comment below with any additional information.

    If you have any other questions, please let me know. Thank you again for your time and patience throughout this issue.


    Please don’t forget to Accept Answer and Yes for "was this answer helpful" wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. PRADEEPCHEEKATLA-MSFT 76,281 Reputation points Microsoft Employee
    2024-03-20T08:54:41.0233333+00:00

    @Toms Ng - Thanks for the question and using MS Q&A platform.

    It seems like you are facing an authorization issue while creating an Azure Synapse link for Dataverse through Power Apps. The error message indicates that the client 'XXX' does not have the required authorization to perform the action Microsoft.Authorization/roleAssignments/write over the specified scope.

    To resolve this issue, you can try the following steps:

    • Make sure that you have the required permissions to create a role assignment. As you mentioned, you have Contributor role in the resource group and Contributor, Owner & Storage Blob Data Contributor in the storage account. These roles should be sufficient to create a role assignment.
    • Check if you have any Azure AD role assignments that are blocking the creation of the role assignment. You can use the Azure portal to view the role assignments for the client 'XXX'.
    • Try refreshing your credentials if you recently granted access.
    • If the issue persists, you can try creating the role assignment using Azure PowerShell or Azure CLI. Here is an example PowerShell command to create a role assignment:
    New-AzRoleAssignment -SignInName <emailOrUserprincipalname> `
    -RoleDefinitionName <roleName> `
    -Scope /subscriptions/xxx-xxx-xxx/resourceGroups/xxxxx/providers/Microsoft.Storage/storageAccounts/esdeventcapture
    

    Replace emailOrUserprincipalname with the email or user principal name of the user or service principal that needs access, roleName with the name of the role you want to assign, and /subscriptions/xxx-xxx-xxx/resourceGroups/xxxxx/providers/Microsoft.Storage/storageAccounts/esdeventcapture with the scope of the role assignment.

    For more details, refer to prerequisites metioned in the official documentation: Create an Azure Synapse Link for Dataverse with your Azure Synapse Workspace and Authorization failed when when writing a roleAssignment MS Q&A thread addressing similar issue.

    Hope this helps. Do let us know if you any further queries.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.