
0 Votes
JesseDavis-8523 asked PRADEEPCHEEKATLA-MSFT commented

AuthorizationFailed with User-assigned Managed Identity accessing ADF

What I'm trying to do

Create and query ADF pipelines from a consumption-tier Logic App by using a User-assigned managed identity

What I've done
- Created logic app
- Created User-assigned managed identity

For the identity, I have assigned/verified these roles:
- Assigned Reader to the Subscription

The above was insufficient, so then I:
- Added the Identity to the ADF explicitly
- Assigned Owner to the Data Factory explicitly
- Assigned Contributor to the Data Factory explicitly

I continue to receive:

 {
   "error": {
     "code": "AuthorizationFailed",
     "message": "The client '<my-managedidentity-objectid-guid>' with object id '<my-managedidentity-objectid-guid>' does not have authorization to perform action 'Microsoft.DataFactory/factories/pipelines/CreateRun/action' over scope '/subscriptions/<my-subscription-guid>/resourcegroups/<my-resourcegroup>/providers/Microsoft.DataFactory/factories/<my-adf>/pipelines/<my-pipeline>' or the scope is invalid. If access was recently granted, please refresh your credentials."
   }
 }

Any advice is appreciated.




azure-data-factory azure-logic-apps azure-managed-identity

1 Answer

1 Vote
JesseDavis-8523 answered PRADEEPCHEEKATLA-MSFT commented

After some more research:
https://docs.microsoft.com/en-us/azure/data-factory/concepts-roles-permissions

Specifically:

Set up permissions
After you create a Data Factory, you may want to let other users work with the data factory. To give this access to other users, you have to add them to the built-in Data Factory Contributor role on the Resource Group that contains the Data Factory.

This was not intuitive to me, but it resolved the issue.

The following are NOT sufficient to access ADF resources for a User-assigned Managed Identity:
- Owner of the Data Factory
- Contributor of the Data Factory




Hello @JesseDavis-8523,

Glad to know that your issue has been resolved. And thanks for sharing the solution, which might be beneficial to other community members reading this thread.

0 Votes
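
The fix described in the answer above, as an added example that is not part of the original thread: assigning the built-in Data Factory Contributor role on the resource group with the Azure CLI, then checking that an assignment of that role covers the pipeline scope named in the error message. The function names and the `<...>` placeholders are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Replace the <...> placeholders; function names are hypothetical.
ROLE="Data Factory Contributor"
TAB=$(printf '\t')

# Resource-group scope on which the role is assigned.
rg_scope() { # $1 = subscription id, $2 = resource group
  printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# Grant the role to the managed identity's principal (object) id.
assign_role() { # $1 = principal object id, $2 = scope
  az role assignment create --assignee-object-id "$1" \
    --assignee-principal-type ServicePrincipal --role "$ROLE" --scope "$2"
}

# Print "role<TAB>scope" for each assignment that applies at scope $2,
# including assignments inherited from parent scopes.
list_roles() { # $1 = principal object id, $2 = scope
  az role assignment list --assignee "$1" --scope "$2" --include-inherited \
    --query '[].[roleDefinitionName, scope]' -o tsv
}

# Read list_roles output on stdin; succeed if $ROLE is assigned at the target
# resource id ($1) or at one of its parents. Resource ids are compared
# lower-cased because the error message prints "resourcegroups" while
# scopes are normally written "resourceGroups".
role_covers() {
  rc_target=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  while IFS="$TAB" read -r rc_role rc_scope; do
    [ "$rc_role" = "$ROLE" ] || continue
    [ -n "$rc_scope" ] || continue
    rc_scope=$(printf '%s' "$rc_scope" | tr '[:upper:]' '[:lower:]')
    rc_scope=${rc_scope%/}
    case "$rc_target" in
      "$rc_scope" | "$rc_scope"/*) return 0 ;;
    esac
  done
  return 1
}

# Usage (needs a logged-in Azure CLI):
#   scope=$(rg_scope "<my-subscription-guid>" "<my-resourcegroup>")
#   assign_role "<my-managedidentity-objectid-guid>" "$scope"
#   list_roles "<my-managedidentity-objectid-guid>" "$scope/providers/Microsoft.DataFactory/factories/<my-adf>" \
#     | role_covers "$scope/providers/Microsoft.DataFactory/factories/<my-adf>/pipelines/<my-pipeline>"
```

Role assignments can take a short while to take effect, and the error text itself asks for a credential refresh after access is granted, so rerun the check before retrying the Logic App.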