This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 50%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
We are experiencing a 403 AuthorizationPermissionMismatch error when attempting to upload a file to an Azure Blob Storage container using azcopy with a service principal. Despite successful authentication, the request is denied due to permission mismatch.
INFO: Authentication failed, it is either not correct, or expired, or does not have the correct permission
PUT https://abc.blob.core.windows.net/abc/Tele.hex
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
Azure Service Principal has storage Blob data owner permissions for the Storage account.
The ARM service connection is authenticated successfully on Azure DevOps side.
The network Setting is set to allow all, The Blob Storage Container has racwdl permissions.
Verified:
Verified Service Principal Authentication:
Checked Role Assignments:
Checked Storage Account Network Rules:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 85%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
Hello Ahsaan Mukhi,
Checking to see whether you have resolved the issue with the solution provided above, or if you need any further assistance, please let us know.
Hi Ahsaan Mukhi,
I wanted to follow up and see if the answer helped (pointed you in the right direction) > please click Accept Answer. which might be beneficial to other community members reading this thread. And, if you have any further queries do let us know.
Hi Ahsaan Mukhi
I guess, in addition to the Blob data owner permissions, you also need to assign the IAM role 'Storage Blob Data Contributor' to the Service Principal
Hope this helps.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Thanks Manu for the reply,
I added both the permissions to the service principal. Below is the screenshot.
Hi Ahsaan Mukhi
I suggest you test this by assigning the IAM permissions to the Service Principal through Resource Group also.
Get the service principal details and assign the similar IAM permissions to the Service Principal from Resources Group as shown above. After the change, you may have a try again accessing the blob
Hope this helps.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Hello Ahsaan Mukhi,
The 403 AuthorizationPermissionMismatch error you are encountering when using azcopy to upload a file to Azure Blob Storage typically indicates that the service principal does not have the necessary permissions for the operation you are trying to perform. Even though you mentioned that the service principal has "storage Blob data owner" permissions, it's important to ensure that the following are correctly configured:
References:
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.