Azure Data Factory: Missing data in the Monitor Dashboard for Data Factory Contributor role

Maneesha Nidhi 21 Reputation points
2020-07-13T07:27:36.407+00:00

Observed a disparity in the Monitor Dashboard view for the Azure Data Factory instance between:

  • user with Owner role at subscription scope, and,
  • user with Data Factory Contributor role at resource group scope

From the account with Owner role privileges, all tabs in the Monitor portal worked as expected and information regarding pipeline runs was surfaced in the 'Dashboards' tab and in the 'Pipeline Runs' tab.

For the account with Data Factory Contributor role, the Dashboard view was not rendered as expected. The 'Pipeline Runs' tab surfaces all the expected past runs, , however for the Dashboard, all metrics had a 'No results' view rendered.

Adding Reader privileges at the resource group level for the account solves this, implying that the inherent permissions are the issue here.

The documentation regarding the Data Factory Contributor role (https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#data-factory-contributor) does not call this out, and wanted to check if this is expected behaviour.

If so, what's the recommendation for providing access to Monitoring Dashboard specific to Azure Data Factory? Should a custom role be created for access to Monitoring Dashboard?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,803 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
666 questions
Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
9,546 questions
0 comments
Accepted answer
  1. KranthiPakala-MSFT 46,422 Reputation points Microsoft Employee
    2020-07-14T01:07:02.2+00:00

    Hi @Maneesha Nidhi ,

    Welcome to Microsoft Q&A and thanks for your query.

    As per the below doc, a built-in Reader role is required on the data factory resource for the user in order to view (read) and monitor (dashboard) a data factory.

    MS Doc: Azure Data Factory Roles and Permissions

    • Let a user create, edit, or delete any data factory in a resource group from the Azure portal. Assign the built-in Data Factory contributor role at the resource group level for the user. If you want to allow access to any data factory in a subscription, assign the
      role at the subscription level.
    • Let a user view (read) and monitor a data factory, but not edit or change it. Assign the built-in reader role on the data factory resource for the user.

    Hope this clarifies. If you have any further query, please do let us know.

    ----------

    Thank you
    Please do consider to click on "Accept Answer" and "Upvote" on the post that helps you, as it can be beneficial to other community members.

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest