Unable to create Storage Event trigger in Synapse Data Factory

Junior Steve KAMDEM DJOKO 0 Reputation points
2024-04-30T12:22:49.8033333+00:00

I want to create a pipeline triggered by an event in my storage account: when a blob is created inside. When I want to publish that event trigger in Synapse, I have this error:

The client 'd4d9f262-75fa-4138-845c-019afa12cf7a' with object id 'd4d9f262-75fa-4138-845c-019afa12cf7a' does not have authorization to perform action 'Microsoft.EventGrid/eventSubscriptions/write' over scope '/subscriptions/7af8cec8-595b-47d0-926e-f9ba19bd8c16/resourceGroups/DEV/providers/Microsoft.Storage/storageAccounts/aiaconvergencedevsa01/providers/Microsoft.EventGrid/eventSubscriptions/29b4ebd9-ec93-6128-3724-73df98ca7f28' or the scope is invalid. If access was recently granted, please refresh your credentials.

The storage account I'm using is the default storage account (ADLS Gen2) used when I created the Synapse workspace. Microsoft Event Grid is also registered in my subscription.

I don't know how to solve this.

Can someone please help me?


2 answers

  1. Babafemi Bulugbe 1,955 Reputation points MVP
    2024-04-30T12:32:37.5733333+00:00

    Hello Junior Steve KAMDEM DJOKO,

    Thank you for posting your question in the Microsoft Q&A Community.

    I understand that you are not able to create a Storage Event trigger in Synapse Data Factory due to a permission issue.

    Based on the error above, please be informed that you do not have the required permission to perform this operation.

    To resolve this, you need to be assigned the Event Grid Subscription Contributor role to be able to manage event subscriptions. Kindly contact the Owner on the subscription to assign this permission to your account.

    Alternatively, a custom role can be created with the required permission added to the Action block of the role ('Microsoft.EventGrid/eventSubscriptions/write').

    Follow this link to get more information on permission needed to manage Event subscription.

    https://learn.microsoft.com/en-us/azure/event-grid/security-authorization

    Let me know if further assistance is needed.

    Babafemi


  2. Anand Prakash Yadav 6,390 Reputation points Microsoft Vendor
    2024-05-02T09:11:16.7+00:00

    Hello Junior Steve KAMDEM DJOKO,

    Thank you for posting your query here!

    Adding on to the previous response, as per the error message it seems like the client, identified by the object ID 'd4d9f262-75fa-4138-845c-019afa12cf7a', does not have the required permissions to create an event subscription in the Azure Event Grid.

    Typically, you would assign the 'EventGrid Contributor' or 'EventGrid Event Subscription Contributor' role at the appropriate scope.

    Access to Azure resources can be granted by users who have appropriate permissions, typically users with roles such as Owner, Contributor, or User Access Administrator.

    Steps to grant access (Azure Portal):

    · Go to the Azure Portal and navigate to the specific resource (e.g., Storage Account).

    · In the left-hand menu, find and click on "Access control (IAM)".

    · Click on the "+ Add" button and select "Add role assignment".

    · Choose the appropriate role from the list (e.g., EventGrid Contributor, EventGrid Event Subscription Contributor).

    · In the "Assign access to" section, specify the user, group, or service principal to which you want to grant access.

    · Click "Save" to apply the role assignment.

    Once access is granted, try refreshing the credentials to ensure that the changes take effect.

    Additional points to consider:

    · Make sure that your subscription is registered with the Event Grid resource provider. If you are using this feature in Azure Synapse Analytics, please ensure that your subscription is also registered with Data Factory resource provider.

    · If the storage account is behind a private endpoint and blocks public network access, you need to configure network rules to allow communications from blob storage to Azure Event Grid.

    Do let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.

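Both answers come down to granting the principal named in the error the denied action at the right scope. The following added example (not code from either answer) parses the error text from the question, derives the storage-account scope for the assignment, and builds a custom role holding only the denied action plus the matching `az role assignment create` call. The role name is hypothetical, and granting only the single action from the error, with `AssignableScopes` set to the resource group, is an assumption of this sketch.

```python
import json
import re

# Error text as posted in the question on this page (trailing sentences omitted).
ERROR = (
    "The client 'd4d9f262-75fa-4138-845c-019afa12cf7a' with object id "
    "'d4d9f262-75fa-4138-845c-019afa12cf7a' does not have authorization to perform "
    "action 'Microsoft.EventGrid/eventSubscriptions/write' over scope "
    "'/subscriptions/7af8cec8-595b-47d0-926e-f9ba19bd8c16/resourceGroups/DEV/providers/"
    "Microsoft.Storage/storageAccounts/aiaconvergencedevsa01/providers/"
    "Microsoft.EventGrid/eventSubscriptions/29b4ebd9-ec93-6128-3724-73df98ca7f28'"
)
DENIAL = re.compile(
    r"object id '(?P<object_id>[0-9a-fA-F-]{36})' does not have authorization to "
    r"perform action '(?P<action>[^']+)' over scope '(?P<scope>[^']+)'"
)
EXTENSION = "/providers/microsoft.eventgrid/eventsubscriptions/"

def parse_denial(message):
    """Extract principal, denied action and scope from an authorization error."""
    match = DENIAL.search(message)
    if match is None:
        raise ValueError("not an authorization-failure message")
    return match.groupdict()

def assignment_scope(scope):
    """Drop the event-subscription suffix: the role is assigned on the parent resource."""
    cut = scope.lower().rfind(EXTENSION)
    return scope if cut == -1 else scope[:cut]

def custom_role(denial, name="Storage Event Trigger Publisher"):
    """Custom role (hypothetical name) holding only the action the error named."""
    group = re.match(r"/subscriptions/[^/]+/resourceGroups/[^/]+", denial["scope"], re.I)
    if group is None:
        raise ValueError("scope is not inside a resource group")
    return {"Name": name, "IsCustom": True,
            "Description": "Write Event Grid subscriptions for storage event triggers.",
            "Actions": [denial["action"]], "NotActions": [],
            "AssignableScopes": [group.group(0)]}

def assignment_command(denial, role):
    """az CLI call granting `role` to the principal on the storage account only."""
    scope = assignment_scope(denial["scope"])
    return ("az role assignment create"
            f" --assignee-object-id {denial['object_id']} --role '{role}' --scope '{scope}'")

if __name__ == "__main__":
    denial = parse_denial(ERROR)
    print(json.dumps(custom_role(denial), indent=2))
    print(assignment_command(denial, custom_role(denial)["Name"]))
```

The printed JSON can be saved to a file and passed to `az role definition create --role-definition`; if a later publish attempt reports another denied action, add only that action to the role.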