Not authorized to view storage and logs for trusted signing account I created

Dave 166 Reputation points
2024-10-01T20:03:33.6633333+00:00

I'm trying to get usage metrics from trusted monitoring so I can monitor usage before we hit the monthly cap and start being billed extra.

I am following the instructions to store logs from trusted signing within the Azure storage account as defined here - https://learn.microsoft.com/en-us/azure/trusted-signing/how-to-sign-history.

When I get to the last step:

  1. In the list, select the container named...

I get:

This request is not authorized to perform this operation.

Why? I'm using the same account to create the storage account that I also used to create the trusted signing account and add the diagnostic setting, so why can't I view the logs?


1 answer

  1. Vinod Kumar Reddy Chilupuri 230 Reputation points Microsoft Vendor
    2024-10-03T08:39:57.11+00:00

    Hi Dave,
    Welcome to Microsoft Q&A, thanks for posting your query.

    The error message you got, "This request is not authorized to perform this operation", indicates that the account you are using doesn't have permission to access the container in the Azure storage account, even though you are using the same storage account you need to set up the storage and trusted signing account. Here are some possible reasons for this issue.

    When you create an Azure Storage account, you are not automatically assigned permissions to access data via Microsoft Entra ID. You must explicitly assign yourself an Azure role for access to Blob Storage. You can assign it at the level of your subscription, resource group, storage account, or container.

    Make sure that your account has the necessary permissions to access the container in the Azure storage account. You can check the permissions by navigating to the storage account, selecting "Access Control (IAM)" and checking the role assignments tab. Make sure your account has the "Storage Blob Data Contributor" or "Storage Blob Data Reader" role assigned.

    Make sure that your diagnostic settings for the trusted signing account are set up properly. You can check this in the Azure portal. Navigate to Storage account > Monitoring (Classic) > Diagnostic settings.

    Ensure that the storage account is chosen as the destination for the logs, and check whether the container name is correct.

     

    Reference:

    https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory

    https://learn.microsoft.com/en-us/azure/trusted-signing/how-to-sign-history#configure-diagnostic-settings

    https://learn.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal

     

    Please let us know if you have any further queries. I’m happy to assist you further. 


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

    0 comments No comments
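The role check described in the answer above can also be run over exported role assignments. This is an added example, not code from the answer or from Microsoft: the field names follow the JSON printed by `az role assignment list`, "Storage Blob Data Owner" is included alongside the two roles the answer names, and every ID, resource name and the container name is constructed.

```python
# Added example: all subscription IDs, principal IDs and resource names are constructed.
# Built-in roles that grant blob data access through Microsoft Entra ID.
BLOB_DATA_ROLES = {
    "Storage Blob Data Reader",
    "Storage Blob Data Contributor",
    "Storage Blob Data Owner",
}

def scope_covers(assigned_scope, target_scope):
    """True if a role assigned at assigned_scope is inherited by target_scope."""
    a = assigned_scope.rstrip("/").lower()   # Azure resource IDs are case-insensitive
    t = target_scope.rstrip("/").lower()
    # Compare on a path-segment boundary so "rg-sign" does not match "rg-signing".
    return t == a or t.startswith(a + "/")

def blob_data_roles_for(assignments, principal_id, target_scope):
    """Blob data roles the principal holds at or above target_scope."""
    return sorted(
        a["roleDefinitionName"]
        for a in assignments
        if a["principalId"] == principal_id
        and a["roleDefinitionName"] in BLOB_DATA_ROLES
        and scope_covers(a["scope"], target_scope)
    )

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-signing"
RG_SIBLING = SUB + "/resourceGroups/rg-sign"
ACCOUNT = RG + "/providers/Microsoft.Storage/storageAccounts/examplelogs"
CONTAINER = ACCOUNT + "/blobServices/default/containers/example-logs"
USER = "11111111-1111-1111-1111-111111111111"

# The situation in the question: the user created everything (Owner), but Owner
# is a management role and is not in the blob data role list.
BEFORE = [
    {"principalId": USER, "roleDefinitionName": "Owner", "scope": SUB},
    {"principalId": USER, "roleDefinitionName": "Storage Blob Data Reader",
     "scope": RG_SIBLING},  # data role, but on an unrelated resource group
]
# After assigning a data role at the storage account level.
AFTER = BEFORE + [
    {"principalId": USER, "roleDefinitionName": "Storage Blob Data Reader",
     "scope": ACCOUNT},
]

if __name__ == "__main__":
    for label, data in (("before", BEFORE), ("after", AFTER)):
        roles = blob_data_roles_for(data, USER, CONTAINER)
        print(label, roles or "no blob data role covers this container")
```

Management-group scopes are not modelled here; only the subscription, resource group, storage account and container levels the answer lists are compared.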
