question

JuneZhu-4057 avatar image
0 Votes"
JuneZhu-4057 asked JuneZhu-4057 commented

Azure Data Factory - cannot access share folder

Hi, I want to set up a monitoring job on ADF using Scope, but the job failed with error saying no access to the share folder shares/searchDM/distrib, my job highly relies on this folder because I need to use the SLAPI view and data, could someone help take a look and let me know how to get the access?

https://aad.cosmos09.osdinfra.net/cosmos/shopping.prod/shares/searchDM/distrib/released/SLAPI/SearchLogPageView.view?property=info

110504-image.png


azure-data-factoryazure-data-lake-storageazure-data-lake-analytics
image.png (56.9 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

KranthiPakala-MSFT avatar image
0 Votes"
KranthiPakala-MSFT answered JuneZhu-4057 commented

Hi @JuneZhu-4057,

Welcome to Microsoft Q&A forum and thanks for reaching out.

It seems to be an ACL permission issue at the child folder level (`distrib`).

If you are using Service Principal authentication then please grant the service principal proper permission. See examples on how permission works in Data Lake Storage Gen2 from Access control lists on files and directories

  • As source: In Storage Explorer, grant at least Execute permission for ALL upstream folders and the file system, along with Read permission for the files to copy. Alternatively, in Access control (IAM), grant at least the Storage Blob Data Reader role.

  • As sink: In Storage Explorer, grant at least Execute permission for ALL upstream folders and the file system, along with Write permission for the sink folder. Alternatively, in Access control (IAM), grant at least the Storage Blob Data Contributor role.

Note: If you use Data Factory UI to author and the service principal is not set with "Storage Blob Data Reader/Contributor" role in IAM, when doing test connection or browsing/navigating folders, choose "Test connection to file path" or "Browse from specified path", and specify a path with Read + Execute permission to continue.


If you are using Managed Identity authentication, then please grant the managed identity proper permission. See examples on how permission works in Data Lake Storage Gen2 from Access control lists on files and directories.

  • As source: In Storage Explorer, grant at least Execute permission for ALL upstream folders and the file system, along with Read permission for the files to copy. Alternatively, in Access control (IAM), grant at least the Storage Blob Data Reader role.

  • As sink: In Storage Explorer, grant at least Execute permission for ALL upstream folders and the file system, along with Write permission for the sink folder. Alternatively, in Access control (IAM), grant at least the Storage Blob Data Contributor role.

Note: If you use Data Factory UI to author and the managed identity is not set with "Storage Blob Data Reader/Contributor" role in IAM, when doing test connection or browsing/navigating folders, choose "Test connection to file path" or "Browse from specified path", and specify a path with Read + Execute permission to continue.

Hope this info helps. Do let us know how it goes.



Please don’t forget to Accept Answer and Up-Vote wherever the information provided helps you, this can be beneficial to other community members.











· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for response. I'm not sure which authentication I'm using and how to check the corresponding storage account, could you help take a look?110876-image.png


0 Votes 0 ·
image.png (17.3 KiB)

Hey @KranthiPakala-MSFT,

We have an ADLS Gen1 Storage Account (ms.portal.azure.com), which is accessed using a Service Principal from the ADF. The Service Principal has been granted owner permission for the ADLS account. Not sure what we should do here. Could you tell us what we would need to do?


0 Votes 0 ·

Hi @adityakhandelwal-8008,

Sorry for the delay. To double check if the right permissions are granted for your Service principal, could you please test the permissions by using POSTMAN using ADLS Gen1 REST Api and the service principal? - Azure Data Lake Storage Gen1 REST API


0 Votes 0 ·

Hi @adityakhandelwal-8008,

Following up to see if your issue was resolved or still need assistance on it? Incase if any of the response answers your query, please do click “Accept Answer” and/or Up-Vote, as it might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Thank you

0 Votes 0 ·
Show more comments