The client with the object identifier does not have permission to perform the action "Microsoft.DataFactory / datafactories / datapipelines / read" by area

Question

The client with the object identifier does not have permission to perform the action "Microsoft.DataFactory / datafactories / datapipelines / read" by area

I tried to programmatically invoke a data factory pipeline from an Azure function. The following error throws him out.

link: http://eatcodelive.com/2016/02/24/starting-an-azure-data-factory-pipeline-from-c-net/
AuthorizationFailed: Client 'XXXX-XXXXX-XXXX' with object identifier 'XXX829e05'XXXX-XXXXX' does not have authority to perform the action 'Microsoft.DataFactory / datafactories / datapipelines / read' over scope '/ subscription / XXXXXX-4bf5-84c6 - 3a352XXXXXX / resourcegroups / fffsrg / vendors /Microsoft.DataFactory/datafactories/ADFTestFFFS/datapipelines/ADFTutorialPipelineCustom.

I tried to find similar problems, but none of the search results gave me a solution to my problem. Could you tell us what could be the problem?

The goal is to start the data factory pipeline whenever a file is added to a blob. therefore, to achieve the result, we try to call the data factory pipeline from the azure function using the blob trigger.

+12

azure azure-functions azure-data-factory

ravibhat Feb 09 '17 at 11:00

source share

7 answers

SharmM · Answer 1 · 2017-02-10T22:25:57+0000

You receive an error message that you do not have permission to perform the "Microsoft.DataFactory / datafactories / datapipelines / read" action on the pipeline area because you do not have the appropriate permissions for the datafactory.

"Contributor"/"DataFactoryContributor" . Azure RBAC :

https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-built-in-roles

ADF Azure, AAD - ADF. AAD :

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal

, Active Directory, , " " ADF.

shebin c babu · Answer 2 · 2018-10-25T06:42:10+0000

1:
2: .

3: Access Control IAM, Add.

4. " " . , Azure AD ( Azure Active Directory), . Azure Resource Management.

5. , , "" , . .

Rob Targosz · Answer 3 · 2018-08-14T19:50:51+0000

, , , ( 2). az login --subscription .

Michael Hunter · Answer 4 · 2018-11-06T01:04:59+0000

. Azure RBAC https://blogs.msdn.microsoft.com/azure4fun/2016/10/20/common-problem-when-using-azure-resource-groups-rbac/

, .

, , , .

, , , . .

, , .

Azure ( ) , . , , Microsoft.Compute, .

.

, Azure (ARM) , . Azure, , , , ARM . ( ) .

Azure . , IoTHub .

, , , . , IoThub.

, , , , HDInsight, IotHub SQLDW… .., , , , .

Jeyachandran · Answer 5 · 2018-01-08T04:10:19+0000

:

1. Azure Active.
2: 'Data Factory Contributor . , .

. , Azure.
:

1: $azureAdApplication = New-AzureRmADApplication -DisplayName <AppName> -HomePage <URL> -IdentifierUris <URL with domain> -Password <Password>
2: New-AzureRmRoleAssignment -RoleDefinitionName "Data Factory Contributor" -ServicePrincipalName $azureAdApplication.ApplicationId

user3828102 · Answer 6 · 2018-09-15T15:15:33+0000

: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal

"", "", .

geliz zhang · Answer 7 · 2018-09-18T01:20:45+0000

I decided by following this post: https://www.nwcadence.com/blog/resolving-authorizationfailed-2016 using the command in PowerShell:

Get-AzureRmResourceProvider -ListAvailable | Select-Object ProviderNamespace | Foreach-Object { Register-AzureRmResourceProvider -ProviderName $_.ProviderNamespace}

The client with the object identifier does not have permission to perform the action "Microsoft.DataFactory / datafactories / datapipelines / read" by area

More articles: