How do I fix "error 403" when i try to read data to my blob storage account?

Edudzi 0 Reputation points
2024-10-29T08:40:53.8533333+00:00

i created a logic app that fetches data from an API but then the data is extracted but it does not store to the blob storage i added. I get some error 403 with the following error message

"{ "status": 403, "message": "AuthorizationPermissionMismatch\r\nclientRequestId: 1d142419-7bcd-4720-ba4a-8955d3973f61", "error": { "message": "AuthorizationPermissionMismatch" }, "source": "azureblob-ncus.azconn-ncus-001.p.azurewebsites.net" }"

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,220 questions
Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
3,201 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Hari Babu Vattepally 400 Reputation points Microsoft Vendor
    2024-10-29T10:14:11.41+00:00

    Hi @Edudzi

    Welcome to Microsoft Q&A Forum. Thanks for posting your query here!

    Based on the error message it states that there is "AuthorizationPermissionMismatch" on the source: Blob storage. It's permission issue. Please provide mentioned access for client_id = "xxxxxxxxxxxxxxxxxxxxxxx" (IAM permission) please go into your storage account > IAM > Add role assignment and add the special permissions for this type of request. Other possible ways are due to the Wrong Storage Account Keys and/or Storage Account name, or SAS Expired or Azure Storage Firewall has been configured and customer's IP/subnet has not been granted access. (You can also get a 403 error if the time on the server is not in sync with the time on storage servers.

    Verify correct credentials:

    • Ensure that the client ID you’re using has the necessary permissions. You mentioned that you’ve granted the Storage Blob Data Contributor role to the app, which is a good start.
    • However, also verify that the app has the required permissions for the specific operation (PUT request in this case). Sometimes, it’s not just about the role but also about the specific permissions within that role.
    • Go to your storage account in the Azure Portal, navigate to IAM (Identity and Access Management), and add the necessary permissions for your app.

    Make sure that the Storage Account name is correct and has not been mistyped.

    Also Enabling "Allow trusted Microsoft services to access this storage account" allows you to access storage account.

    Ensure that you have _Contributor _and Blob Data Contributor permissions on the storage account.

    Additional information: Assign an Azure role for access to blob data

    Similar issue SO thread for reference - https://stackoverflow.com/questions/66525481/authorization-permission-mismatch-when-trying-to-put-a-file-in-azure-blob-with-a, https://stackoverflow.com/questions/52769758/azure-blob-storage-authorization-permission-mismatch-error-for-get-request-wit

    Hope this answer helps!  Please let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.