Can connect to Storage but cannot view blob containers, file shares, tables

Mahadev, Rakesh [HAEA] 140 Reputation points
2024-08-13T11:13:31.0166667+00:00

Hello Team,

I can connect to Storage account through SAS token but cannot view blob containers, file shares, tables. It is giving the below error when I expand the container getting below error.

Error Details: { "name": "RestError", "code": "AuthorizationFailure", "statusCode": 403, "request": { "streamResponseStatusCodes": {}, "url": "https://##########.blob.core.usgovcloudapi.net/?comp=list&include=metadata", "method": "GET", "headers": { "_headersMap": { "x-ms-version": { "name": "x-ms-version", "value": "2020-10-02" }, "accept": { "name": "Accept", "value": "application/xml" }, "user-agent": { "name": "User-Agent", "value": "Microsoft Azure Storage Explorer/1.24.1 (win32) azsdk-js-storageblob/12.8.0 (NODE-VERSION v16.13.2; Windows_NT 10.0.19044)" }, "x-ms-client-request-id": { "name": "x-ms-client-request-id", "value": "##########" }, "authorization": { "name": "authorization", "value": "Bearer JSON Web Token Redacted" }, "cookie": { "name": "Cookie", "value": "" } } }, "withCredentials": false, "timeout": 0, "keepAlive": true, "decompressResponse": false, "requestId": "##########" }, "response": { "headers": { "_headersMap": { "content-length": { "name": "content-length", "value": "246" }, "content-type": { "name": "content-type", "value": "application/xml" }, "date": { "name": "date", "value": "Mon, 23 May 2022 23:15:18 GMT" }, "server": { "name": "server", "value": "Microsoft-HTTPAPI/2.0" }, "x-ms-client-request-id": { "name": "x-ms-client-request-id", "value": "##########" }, "x-ms-error-code": { "name": "x-ms-error-code", "value": "AuthorizationFailure" }, "x-ms-request-id": { "name": "x-ms-request-id", "value": "##########" } } }, "request": { "streamResponseStatusCodes": {}, "url": "https://##########.blob.core.usgovcloudapi.net/?comp=list&include=metadata", "method": "GET", "headers": { "_headersMap": { "x-ms-version": { "name": "x-ms-version", "value": "2020-10-02" }, "accept": { "name": "Accept", "value": "application/xml" }, "user-agent": { "name": "User-Agent", "value": "Microsoft Azure Storage Explorer/1.24.1 (win32) azsdk-js-storageblob/12.8.0 (NODE-VERSION v16.13.2; Windows_NT 10.0.19044)" }, "x-ms-client-request-id": { "name": "x-ms-client-request-id", "value": "##########" }, "authorization": { "name": "authorization", "value": "Bearer JSON Web Token Redacted" }, "cookie": { "name": "Cookie", "value": "" } } }, "withCredentials": false, "timeout": 0, "keepAlive": true, "decompressResponse": false, "requestId": "##########" }, "status": 403, "bodyAsText": "AuthorizationFailureThis request is not authorized to perform this operation.\nRequestId:##########\nTime:2022-05-23T23:15:18.9662454Z", "parsedBody": { "message": "This request is not authorized to perform this operation.\nRequestId:##########\nTime:2022-05-23T23:15:18.9662454Z", "code": "AuthorizationFailure" }, "parsedHeaders": { "errorCode": "AuthorizationFailure", "content-length": "246", "content-type": "application/xml", "date": "Mon, 23 May 2022 23:15:18 GMT", "server": "Microsoft-HTTPAPI/2.0", "x-ms-client-request-id": "##########", "x-ms-request-id": "##########" } }, "details": { "errorCode": "AuthorizationFailure", "content-length": "246", "content-type": "application/xml", "date": "Mon, 23 May 2022 23:15:18 GMT", "server": "Microsoft-HTTPAPI/2.0", "x-ms-client-request-id": "##########", "x-ms-request-id": "##########", "message": "This request is not authorized to perform this operation.\nRequestId:##########\nTime:2022-05-23T23:15:18.9662454Z", "code": "AuthorizationFailure" }

Azure Storage Explorer
Azure Storage Explorer
An Azure tool that is used to manage cloud storage resources on Windows, macOS, and Linux.
252 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,105 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sumarigo-MSFT 45,781 Reputation points Microsoft Employee
    2024-08-13T12:04:19.19+00:00

    @Mahadev, Rakesh [HAEA] Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    I assume you using in SAS token in Storage explorer for connect azure storage account? (A 403 error in Azure Storage Explorer can be caused by authorization or authentication issues, or if the storage account firewall blocks requests. Storage Explorer needs both management and data layer permissions to access resources. To access storage accounts, containers, and data, users need Microsoft Entra permissions.)
    May I know how have you generated the SAS token with access key or without access key?

    Please cross verify all the necessary permission has been provided?

    The error message you are seeing ("AuthorizationFailure: This request is not authorized to perform this operation") indicates that the SAS token you are using to access the Azure Storage account does not have the necessary permissions to view the blob containers, file shares, or tables.

    Grant limited access to Azure Storage resources using shared access signatures (SAS)
    Create SAS tokens for your storage containers

    To resolve this issue, you can try the following steps:

    1. Check the permissions on the SAS token: Make sure that the SAS token has the necessary permissions to view the blob containers, file shares, or tables. You can check the permissions on the SAS token by reviewing the SAS token string or by generating a new SAS token with the necessary permissions.

    Please Allow whaat all persmission and resource type need access to your Storage account.

    User's image

    1. Check the access policy on the Azure Storage account: Make sure that the access policy on the Azure Storage account allows access to the blob containers, file shares, or tables. You can check the access policy on the Azure Storage account by logging into the Azure portal and reviewing the access policies for the storage account.
    2. Check the firewall and virtual network settings: Make sure that the firewall and virtual network settings on the Azure Storage account allow access from your client IP address or virtual network. You can check the firewall and virtual network settings on the Azure Storage account by logging into the Azure portal and reviewing the firewall and virtual network settings for the storage account.

    Steps: - Azure Portal -> Storage Account -> Networking -> Check Allow Access From (All Networks / Selected Networks) If it is "Selected Networks" - It means the storage account is firewall enabled.
    User's image

    Check the storage account key: Make sure that the storage account key is correct and has not expired. You can regenerate the storage account key by logging into the Azure portal and selecting the storage account.

    To fix this, check the permissions at the account level and ensure that the necessary permissions are granted. Users with Management plane roles, such as creating accounts and managing settings, do not have access to data operations. Conversely, data plane roles, like Storage Blob Data Owner, allow access to data operations such as uploading and downloading data but not management operations.

    For more information on RBAC roles and their functionalities, refer to this documentation: Azure Built-in Role Descriptions.

    Additional information:

    How 403 error is occurred https://video2.skills-academy.com/en-us/rest/api/storageservices/blob-service-error-codes

    Please let us know if you have any further queries. I’m happy to assist you further. 

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.