Share via

Getting Unauthorized error while creating entity process using api in azure purview

Sri Lakshman Velugubantla 20 Reputation points
2024-10-04T13:16:27.1733333+00:00

So far I have set up the API using a service principal. I am able to GET glossary terms, entities and POST glossary terms to entities. I am now trying to create a process between two existing entities, using API, but I get an unauthorized error. I have data curator role and other access also fine but still getting error can you please help me to resolve this

URL

{

"entity": {

"status": "ACTIVE",

"version": 0,

"typeName": "Process",

"attributes": {

    "inputs": [

        {"guid": "4692ba89-45ef-46da-bb12-26f6f6f60000"}

    ],

    "outputs": [

        {"guid": "ce8aabb4-b8a8-4abe-862c-55f6f6f60000"}

    ],

    "qualifiedName": "apacheatlas://customlineage01",

    "name": "lineage01"

}

}

}

"requestId": "75e42a72-63fe-4f25-b523-7407f5059932",

"errorCode": "ATLAS-403-00-001",

"errorMessage": "9a3ddd3f-eb18-45d9-a671-f591b47f2eeb is not authorized to perform create entity: type=Process
Microsoft Security Microsoft Purview
Accepted answer
  1. Chandra Boorla 14,510 Reputation points Microsoft External Staff Moderator
    2024-10-04T18:24:27.7966667+00:00

    Hi @Sri Lakshman Velugubantla

    Greetings & Welcome to Microsoft Q&A forum! Thanks for posting your query!

    As I understand that you are trying to create a lineage process between two existing entities using the Microsoft Purview API. Despite having the Data Curator role, you are encountering an unauthorized error.

    The error message ATLAS-403-00-001 indicates that the service principal (with GUID 9a3ddd3f-eb18-45d9-a671-f591b47f2eeb) is not authorized to create an entity of type Process. This is a permissions issue, despite your Data Curator role.

    Here are some possible causes and resolutions:

    Insufficient Permissions: Ensure that the service principal has been assigned the necessary roles and permissions. The Data Curator role should generally suffice, but there might be additional custom roles or policies required for creating certain types of entities.

    Scope of Permissions: Verify that the permissions assigned to the service principal cover the scope required to create a Process entity. Sometimes permissions are scoped to specific collections or data assets.

    API Permissions: Make sure that the API permissions granted to the service principal include the ability to create entities. This might need to be checked in the Azure portal under the API permissions section for your app registration.

    Role Assignment Location: Confirm that the Data Curator role has been assigned at the right level (e.g., at the catalog level or at the specific collection level) where the entities reside.

    For more details please refer: https://learn.microsoft.com/en-us/purview/classic-data-governance-permissions#roles

    For some insights on a similar issue, kindly refer to the thread link: https://learn.microsoft.com/en-us/answers/questions/1233528/unauthorized-not-authorized-to-create-processes-in

    I hope this information helps. Please do let us know if you have any further queries.

    Thank you.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.