Hi Tahir,
I tested it without permissions and got a different error message:
"code":"AuthorizationPermissionMismatch","message":"This request is not
authorized to perform this operation using this permission.
So the role/permissions should not be an issue in your environment.
For your error message ("code":"AuthorizationFailure","message":"This
request is not authorized to perform this operation.), I found the
following links:
https://stackoverflow.com/questions/72653133/status-403-code-authorizationfailure-message-this-request-is-not-authorized-t
https://powerusers.microsoft.com/t5/Using-Connectors/Azure-Blob-Storage-this-request-is-not-authorized-to-perform/m-p/2475973#M20786
Based on these, I suggest checking the settings on the Networking tab in
your Storage Account.
Best,
Peter Turcsanyi
On Fri, May 31, 2024 at 10:39 PM Peter Turcsanyi <[email protected]>
wrote:
> R,
>
> You can unsubscribe by sending an email to
> [email protected].
>
> Best,
> Peter Turcsanyi
>
> On Fri, May 31, 2024 at 10:11 PM R <[email protected]> wrote:
>
>> please remove me from this list
>>
>> On Fri, May 31, 2024 at 4:04 PM Peter Turcsanyi <[email protected]>
>> wrote:
>>
>>> Hi Tahir,
>>>
>>> Did you configure system-assigned or user-assigned managed identity for
>>> your VM on the Azure portal?
>>> Did you grant the right role (e.g. Storage Blob Data Owner) to that
>>> managed identity?
>>>
>>> Best regards,
>>> Peter Turcsanyi
>>>
>>> On Fri, May 31, 2024 at 8:10 PM Tahir Khan <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> We are unable to right to ADLS using NiFi 1.19.1 on Azure. We are not
>>>> using SAS keys but using Managed identity.
>>>>
>>>> How do we troubleshoot this error?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> PutAzureDataLakeStorage[id=cfc5a7dd-018f-1000-f5cb-aea40944549c] Failed
>>>> to create file on Azure Data Lake Storage:
>>>> com.azure.storage.file.datalake.models.DataLakeStorageException: If you are
>>>> using a StorageSharedKeyCredential, and the server returned an error
>>>> message that says 'Signature did not match', you can compare the string to
>>>> sign with the one generated by the SDK. To log the string to sign, pass in
>>>> the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the
>>>> appropriate method call.
>>>>
>>>> If you are using a SAS token, and the server returned an error message
>>>> that says 'Signature did not match', you can compare the string to sign
>>>> with the one generated by the SDK. To log the string to sign, pass in the
>>>> context key value pair 'Azure-Storage-Log-String-To-Sign': true to the
>>>> appropriate generateSas method call.
>>>>
>>>> Please remember to disable 'Azure-Storage-Log-String-To-Sign' before
>>>> going to production as this string can potentially contain PII.
>>>>
>>>> Status code 403,
>>>> "{"error":{"code":"AuthorizationFailure","message":"This request is not
>>>> authorized to perform this
>>>> operation.\nRequestId:f1e09e45-501f-0010-0385-b37c15000000\nTime:2024-05-31T18:05:14.1576031Z"}}"
>>>>
>>>>
>>>>
>>>> Any help will be appreciated.
>>>>
>>>>
>>>>
>>>>
>>>> Nothing in this message is intended to constitute an electronic
>>>> signature unless a specific statement to the contrary is included in this
>>>> message.
>>>>
>>>> Confidentiality Note: This message is intended only for the person or
>>>> entity to which it is addressed. It may contain confidential and/or
>>>> privileged material. Any review, transmission, dissemination or other use,
>>>> or taking of any action in reliance upon this message by persons or
>>>> entities other than the intended recipient is prohibited and may be
>>>> unlawful. If you received this message in error, please contact the sender
>>>> and delete it from your computer.
>>>>
>>>
