[英]403 while access an azure table
I'm trying to read and write over a newly created azure table, but I kept getting 403 errors.我正在尝试读取和写入新创建的 azure 表,但我一直收到 403 错误。 I'm using the same account that I used to create the table.
我使用的是用于创建表格的同一帐户。 I also added the account to the contributors group.
我还将该帐户添加到贡献者组。 I've tested multiple scopes thinking does might be the issue, such as:
我已经测试了多个范围,认为确实可能是问题所在,例如:
but always got the same error但总是得到同样的错误
Here is the requeset I'm sending:这是我发送的请求:
PUT https://osnapdbexamsonthecloud.table.core.windows.net/exams(PartitionKey='Osnap',RowKey='test')
Accept: application/json;odata=fullmetadata
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
authorization: Bearer CENSORED
Connection: keep-alive
Content-Length: 27
content-type: application/json
Host: osnapdbexamsonthecloud.table.core.windows.net
Origin: http://localhost:3000
Referer: http://localhost:3000/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0
x-ms-version: 2019-02-02
{"id":"test","temp":"test"}
And this is the response I get with status code 403:这是我得到的状态码 403 的响应:
{"odata.error":{"code":"AuthorizationPermissionMismatch","message":{"lang":"en-US","value":"This request is not authorized to perform this operation using this permission.\nRequestId:b3310a10-b002-0026-5cf5-3364d8000000\nTime:2023-01-29T15:22:15.9056626Z"}}}
Do you have any idea what I'm doing wrong?你知道我做错了什么吗?
I agree with @Gaurav Mantri , you need to assign Storage Table Data Contributor role to your Service Principal on that storage account.
我同意@Gaurav Mantri ,您需要将存储表数据贡献者角色分配给该存储帐户上的服务主体。
I tried to reproduce the same in my environment and got the below results:我试图在我的环境中重现相同的内容并得到以下结果:
I have one storage account in which I created a table named exams
like below:我有一个存储帐户,我在其中创建了一个名为
exams
的表,如下所示:
Now, I generated an access token via Postman with the below parameters:现在,我使用以下参数通过 Postman 生成了一个访问令牌:
POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
client_id: <appID>
client_secret: <secret>
grant_type:client_credentials
scope: https://storage.azure.com/.default
Response:回复:
When I used the above token to perform the below operation, I got same error as you like this:当我使用上面的令牌执行以下操作时,我得到了和你一样的错误:
PUT https://sristorage30.table.core.windows.net/exams(PartitionKey='sri',RowKey='test')
Authorization: Bearer <token>
x-ms-version: 2019-02-02
{
"id":"test",
"temp":"test"
}
Response:回复:
To resolve the error, try assigning Storage Table Data Contributor
role to your service principal that can be your user account or Azure AD application.要解决该错误,请尝试将
Storage Table Data Contributor
角色分配给您的服务主体,该主体可以是您的用户帐户或 Azure AD 应用程序。
In my case, I assigned that role to the service principal of App
type like below:就我而言,我将该角色分配给
App
类型的服务主体,如下所示:
Go to Azure Portal -> Storage accounts -> Your storage account -> Access control (IAM) -> Add role assignment Go 到 Azure 传送门 -> 存储账户 -> 你的存储账户 -> 访问控制 (IAM) -> 添加角色分配
If you are performing the operation from your user account , assign that role to the service principal of User
type like below:如果您从您的用户帐户执行操作,请将该角色分配给
User
类型的服务主体,如下所示:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.