question

Hiten004 avatar image
0 Votes"
Hiten004 asked ·

Unable to use Azure Storage Explorer (Preview) in portal

Storage Explorer in the portal does not work for a user that is RBAC'd for Reader on the account, and Storage Blob Data Contributor on a container. The storage account shows in the explorer but when I expand it I get this error: 



 "Error responseJSON: {"error":{"code":"AuthorizationFailed","message":"The client 'demo_1@xxxxxxx.onmicrosoft.com' with object id 'xxxxxxxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/xxxxxxxxxxx/resourceGroups/rg-az-203/providers/Microsoft.Storage/storageAccounts/storaz203' or the scope is invalid. If access was recently granted, please refresh your credentials."}} status: 403" 

Storage Explorer Desktop DOES WORK as expected for the user.


I have no issues with the portal Storage Explorer when signed in as Global Administrator.


The Global Admin account is a Microsoft account. The account I'm having trouble with is an Azure AD account. The Azure AD Tenent is the Free level.

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question.] Source: MSDN


azure-storage-explorer
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

ManuPhilip avatar image
0 Votes"
ManuPhilip answered ·

Hello,
I guess, your account is missing a required RBAC role: Storage Blob Data Reader


Assign both Reader and Storage Blob Data Reader roles to the user. The first one is required for the user to see the storage account resource in the Portal. Storage Blob Data Reader is required to access data without keys.

Regards,
Manu

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.