Cannot upload file into storage container!

Question

Cannot upload file into storage container!

rain purple 300

屏幕截图(488)

Hello, support team:

I face a technical problem, maybe the basic problem because I don't know how to use this software or language.

I just write the expression about this issue I faced with storage account, and meet a language trouble together, when I want to adjust the text, the writing page is locked with SQL language, so I use screenshot to copy and save the previous input ,please check on attached.

How can I fix this issue described on attached with my storage account?

Thanks a lot!

rain

Nov. 9th ,2025

rain purple 300

Yes, Venkatesan S

I face a series issue when I upload the files into storage account. I don't know how to solve this  sensitive issue , so I buy a developer plan for only one month( I can overtake by myself) to solve this problem.  but I don't know how to contact with the technical support team. 

The  IAM role issue is on going  with subscription management team now.  and my follow issue is the label problem. I NEED to use label, but I have no one. that's the big problem.

Thank you very much for your support, Venkatesan, do you have any suggestion with that sensitive label issue?

rain

Venkatesan S 9,305 Reputation points Microsoft External Staff Moderator

2025-11-11T17:40:46.8166667+00:00
rain purple

my follow issue is the label problem. I NEED to use label

If you mean Azure Resource Tags (labels) — for example, when you want to organize resources using “Environment = Prod” or “Project = App1” You can create or apply tags directly in the Azure Portal:

Go to the resource (Storage Account.).

In the left menu, select Tags.

Add a key-value pair (for example:

Key: Environment

Value: Production

Click Apply.

If you meant Azure Information Protection (AIP) labels (sensitivity labels), then you’ll need:

Microsoft Purview Information Protection or Microsoft 365 Compliance Center access

An admin to publish sensitivity labels for your user in the compliance portal.

Ask your Microsoft 365 or security admin to verify that sensitivity labels have been published to your account. Without that, you won’t see or be able to use any labels.

Path (for admin):

Microsoft Purview Portal → Information Protection → Labels → Create or Publish a label policy → Assign your user to it.
rain purple 300 Reputation points

2025-11-12T14:22:02.6966667+00:00
Thank you very much for your explain, **[Venkatesan S](https://learn.microsoft.com/en-us/users/na/?userid=2652fc2d-c193-4dc1-bad1-fee2163faae4) . I have no Purview now, maybe I haven't subscribe it.** the label(***标识***) appeared when I upload file into machine learning workstation.

They showed in Chinese, but I cannot translate it into English for you, because I face a log-in issue with my account, that means I can't log in Azure account(I cannot ask for copilot's help) . Hope the issue can be solved earlier.

The Chinese feedback is:"错误，你无权对数据存储（名称）执行上传操作，因为......(此处内容省略），需要迁移中心/工作区以使用标识 ，并为存储账户（账户名称）的用户（用户名称）分配角色（具体的角色名称，即存储blob数据参与者等角色）“ you need to translate it by yourself, because when I asked it for copilot later, he told me a name for ”标识“, that name is not a label, also not a tag too, but I forgot the detail name,. just know it's binding with user's account or license.

so if I cannot log in Azure portal, how can I create a technical support request for my account issue?

Thanks a lot.

rain
Venkatesan S 9,305 Reputation points Microsoft External Staff Moderator

2025-11-14T17:28:40.75+00:00
Error, you are not authorized to perform an upload operation on the data store (name) because... (details omitted here). You need to migrate the center/workspace to use the identifier and assign roles (specific role names, such as storage blob data participants, etc.) to the user (username) of the storage account (account name).

You’re seeing this error because the current center/workspace is not using a managed identity. To resolve it, you need to:

Migrate the workspace to use an identity (managed identity).

Assign the required RBAC roles (for example: Storage Blob Data Contributor, Storage Blob Data Participant, etc.) to the specific user and the storage account mentioned in the error.

Once the workspace is using the correct identity and the required roles are assigned, the operation should work without errors.

2 answers

Your answer

rain purple 300 Reputation points

2025-11-11T04:59:13.76+00:00

Yes, Venkatesan S

I face a series issue when I upload the files into storage account. I don't know how to solve this sensitive issue , so I buy a developer plan for only one month( I can overtake by myself) to solve this problem. but I don't know how to contact with the technical support team. The IAM role issue is on going with subscription management team now. and my follow issue is the label problem. I NEED to use label, but I have no one. that's the big problem.

Thank you very much for your support, Venkatesan, do you have any suggestion with that sensitive label issue?

rain
Venkatesan S 9,305 Reputation points Microsoft External Staff Moderator

2025-11-11T17:40:46.8166667+00:00

rain purple

my follow issue is the label problem. I NEED to use label

If you mean Azure Resource Tags (labels) — for example, when you want to organize resources using “Environment = Prod” or “Project = App1” You can create or apply tags directly in the Azure Portal:

Go to the resource (Storage Account.).

In the left menu, select Tags.

Add a key-value pair (for example:

Key: Environment

Value: Production

Click Apply.

If you meant Azure Information Protection (AIP) labels (sensitivity labels), then you’ll need:

Microsoft Purview Information Protection or Microsoft 365 Compliance Center access

An admin to publish sensitivity labels for your user in the compliance portal.

Ask your Microsoft 365 or security admin to verify that sensitivity labels have been published to your account. Without that, you won’t see or be able to use any labels.

Path (for admin):

Microsoft Purview Portal → Information Protection → Labels → Create or Publish a label policy → Assign your user to it.
rain purple 300 Reputation points

2025-11-12T14:22:02.6966667+00:00

Thank you very much for your explain, **[Venkatesan S](https://learn.microsoft.com/en-us/users/na/?userid=2652fc2d-c193-4dc1-bad1-fee2163faae4) . I have no Purview now, maybe I haven't subscribe it.** the label(***标识***) appeared when I upload file into machine learning workstation.

They showed in Chinese, but I cannot translate it into English for you, because I face a log-in issue with my account, that means I can't log in Azure account(I cannot ask for copilot's help) . Hope the issue can be solved earlier.

The Chinese feedback is:"错误，你无权对数据存储（名称）执行上传操作，因为......(此处内容省略），需要迁移中心/工作区以使用标识 ，并为存储账户（账户名称）的用户（用户名称）分配角色（具体的角色名称，即存储blob数据参与者等角色）“ you need to translate it by yourself, because when I asked it for copilot later, he told me a name for ”标识“, that name is not a label, also not a tag too, but I forgot the detail name,. just know it's binding with user's account or license.

so if I cannot log in Azure portal, how can I create a technical support request for my account issue?

Thanks a lot.

rain
Venkatesan S 9,305 Reputation points Microsoft External Staff Moderator

2025-11-14T17:28:40.75+00:00

Error, you are not authorized to perform an upload operation on the data store (name) because... (details omitted here). You need to migrate the center/workspace to use the identifier and assign roles (specific role names, such as storage blob data participants, etc.) to the user (username) of the storage account (account name).

You’re seeing this error because the current center/workspace is not using a managed identity. To resolve it, you need to:

Migrate the workspace to use an identity (managed identity).

Assign the required RBAC roles (for example: Storage Blob Data Contributor, Storage Blob Data Participant, etc.) to the specific user and the storage account mentioned in the error.

Once the workspace is using the correct identity and the required roles are assigned, the operation should work without errors.

Answer 1

Hi rain purple,

Thanks for reaching out Microsoft Q&A,

OAuthAuthorizationErrorDetail: [RBAC] Access denied - no role assignment that permits Data Action Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read, reason DeniedWithNoValidRBAC.

The above error happens when you lack the necessary permissions or rights to access the storage account.

For accessing storage account, you need Storage Blob Data Contributor(存储 Blob 数据参与者) Role at storage account level.

Portal -> Storage account -> Access Control (IAM) -> Role assignments(角色分配)->Scope: This resource(此资源)

Portal: User's image

Now, you can be able to upload the files to Azure Storage account.

Error, you are not authorized to perform an upload operation on the data store (name) because... (details omitted here). You need to migrate the center/workspace to use the identifier and assign roles (specific role names, such as storage blob data participants, etc.) to the user (username) of the storage account (account name).

You’re seeing this error because the current center/workspace is not using a managed identity. To resolve it, you need to:

Migrate the workspace to use an identity (managed identity).

Assign the required RBAC roles (for example: Storage Blob Data Contributor, Storage Blob Data Participant, etc.) to the specific user and the storage account mentioned in the error.

Once the workspace is using the correct identity and the required roles are assigned, the operation should work without errors.

Please let me know if you’d like any additional edits or information included.

Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Answer 2

RevelinoB 3,685

Hi @rain purple

Thanks for sharing the details and the screenshot! From what you described, it sounds like there may be two separate issues:

Storage upload issue – this could be caused by a network or RBAC permission limit on your storage account. Could you please confirm if your account has the Storage Blob Data Contributor or Owner role assigned? You can check this in the Azure Portal under Access Control (IAM) for your storage account.

Page locked in SQL/YAML editor – that’s most likely a display or format issue in the Q&A editor, not related to your storage service. You can try switching the Edit development language back to “None” or “Plain text,” then paste your YAML or script again.

If you’re still unable to upload files to the container after checking permissions, please share the exact error message or screenshot from the Azure Portal or CLI. That’ll help narrow it down further.

Hope this helps you move forward!

rain purple 300 Reputation points

2025-11-09T15:52:02.3666667+00:00
Yes, RevelinoB

Thank you very much for your fast response.

I have two screenshots for the same storage diagnose, one is feedback with firewall issue, rejecting identity or delegation issue, but I try some suggestions I can do myself, there's no any improvement .

the second is the new for this morning, give a feedback with the lack of oAuth 令牌（token)?

please check the picture about Azure portal,maybe there's need some translational assistant because of Chinese version.

Thanks a lot.

rain
RevelinoB 3,685 Reputation points

2025-11-09T16:07:32.64+00:00
Hi @rain purple

Thanks for sharing the screenshots — that helps a lot. (I had to translate your screenshot from Chinese, but what I can see)

From the diagnostic output, the issue is caused by missing Azure RBAC (role-based access control) permissions for your account on the storage account copilotvmdiag. The key message is:

OAuthAuthorizationErrorDetail: [RBAC] Access denied - no role assignment that permits Data Action Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read, reason DeniedWithNoValidRBAC.

This means your account or identity (the Bearer token) doesn’t have a role that allows read/write operations on blobs in that storage container.

How you can fit it:

Check your access level

In the Azure portal, open your Storage Account → Access Control (IAM) → View my access.

See if you have any of these roles assigned: *Storage Blob Data Contributor* *Storage Blob Data Owner* *Storage Account Contributor* Ask an admin (if needed) If this is a company or shared subscription, ask an Azure admin to assign you one of the roles above on the correct scope (storage account or container level). Wait a few minutes and re-authenticate After the role is assigned, wait 5–10 minutes, then sign out/in to refresh your Azure session and try uploading the file again.

If this is a personal account (not under a company subscription), you may not have sufficient permissions to grant roles yourself — in that case, try creating a new storage account under your own subscription and test again.

Let us know what happens after checking your RBAC roles, and we can help further.

Hope this helps.
rain purple 300 Reputation points

2025-11-09T17:37:26.3866667+00:00
Thank you very much for your suggestion. I try that and get a feedback:

add a new role: I can add the role "Storage Blob Data Contributor“you recommend with the Chinese name(存储Blob数据参与者？）in other subscription, but can not add in this special subscription with the issue storage account.
I cannot add any of role you recommend: *Storage Blob Data Contributor* , *Storage Blob Data Owner* or *Storage Account Contributor* in this special subscription facing storage issues.

my current roles: all my current role is Chinese name with 所有者(owner?) ,存储表数据参与者（storage data contributor?) ,安全读取者（security reader?).

and all the range of role I can apply in this subscription is also with Chinese name: 备份参与者（backup contributor?), 标记参与者（label contributor?),成本管理参与者(cost management contributor?) ,流量管理器参与者（how to translate?) and 存储表参与者(storage data contributor?), only five, please check the picture.

Thanks a lot!

rain

Share via

Cannot upload file into storage container!

2 answers

Your answer