search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.97k stars 2.95k forks source link

Insufficient read or write permissions on storage account #15070

Open sabmayahai opened 4 years ago

sabmayahai commented 4 years ago

Tried enabling sql auditing using cli, it failed with error "Insufficient read or write permissions on storage account ''"

While the corresponding powershell command worked.

AZ CLI Command: [Did not work]

az sql db audit-policy update --name --resource-group --server --retention-days 30 --storage-account --state Enabled --action SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP

POWERSHELL Command [Worked]

Set-AzSqlDatabaseAudit -ResourceGroupName "" -ServerName "" -DatabaseName "" -BlobStorageTargetState Enabled -StorageAccountResourceId "/subscriptions/***/resourceGroups//providers/Microsoft.Storage/storageAccounts/" -AuditActionGroup SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP -RetentionInDays 30

Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ghost commented 4 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @azureSQLGitHub.

yonzhan commented 4 years ago

sql

taimish commented 3 years ago

Is there any update? I have the same issue:

az sql server audit-policy update `
--name $ssName `
--state 'Enabled' `
--blob-storage-target-state 'Enabled' `
--retention-days '181' `
--actions 'BATCH_COMPLETED_GROUP' 'SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP' 'FAILED_DATABASE_AUTHENTICATION_GROUP' `
--storage-account $storageAccountName `
--resource-group $resourceGroup `
--subscription $subscription

The output is the same: Insufficient read or write permissions on storage account 'sapcpqdevsa'

I tried adding the bypass parameter: --bypass 'AzureServices' or --bypass 'Logging but that didn't help. I found a recommendation to allow access from all networks in the Firewall configuration, but that is not an appropriate option for some situation.

yonzhan commented 3 years ago

sql service team should look into this.

aroca-opengov commented 2 weeks ago

mm.. i am still with this issue. Its being a long time. Have you found any solution?

Thanks!