Azure Functions SCM Authorization Error

Zarick 26 Reputation points

I have setup 3 Azure Functions (all are dedicated Premium plan, Linux and Java), I can access the SCM for the first Azure Functions APP, but I cannot access the other two.

We are using AzureAD.

I have check the underlying browser traffic (Chrome DevTools), the traffic between these site are the same. The all first redirect me to MS login, and it redirect back to the sso site.

Seems the one differences is, for the 2nd and 3rd Functions App SCM, they denied my access. But does not make sense, I'm using the same user account. All Functions App are. under same Subscriptions (We assign Custom Role on Subscription level).

Is there anything missed or anything I can check?

With az create-remote-connection, I can get SSH access to all three site.
Is there any internal Kudu logs I can check with SSH?

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,471 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Zarick 26 Reputation points


    @Pramod Valavala nope, my site doesn't have network restrictions. Network access restrictions are indeed disabled due to the use of Private Endpoint. However, I found the SCM site is suddenly working again after a few days.

    In general, if I got an Authorization Error, is there any mechanism to see these access denial logs?
    For example, a log entry give a more detailed reason why a user is rejected.

    For Storage Account, I can enable the diagnostic setting and see the Access log (accept / denied) via Log Analytiscs.
    Are there any similar things for the App Service SCM site?

    0 comments No comments