Open apaulture opened 1 month ago
@apaulture Thanks for your feedback! We will investigate and update as appropriate.
@apaulture
It seems like you are trying to upload a blob to a container in Azure Storage, but you are getting a permission error. The error message suggests that you need to be assigned one of the following roles: "Storage Blob Data Owner", "Storage Blob Data Contributor", or "Storage Blob Data Reader".
The Owner role should be able to upload blobs, but it's possible that the permission is not set up correctly. You can check the role assignments for your subscription by running the az role assignment list
command.
If you see that your security principal has the Owner role assigned, then it's possible that there is an issue with the authentication method you are using. The error message suggests that you can use the old authentication method and allow querying for the right account key by using the "--auth-mode" parameter and "key" value.
Here is an example command to upload a blob using the "key" authentication method:
az storage blob upload --account-name <storage-account> --account-key <storage-account-key> --container-name <container> --name <blob-name> --type block --source <file-path>
Replace <storage-account>
, <storage-account-key>
, <container>
, <blob-name>
, and <file-path>
with your own values.
I hope this helps! Let me know if you have any other questions.
For an issue like this, I'd recommend you create a support ticket since the support team will be able to respond much more quickly and have a conversation with you to figure out what could be going on.
@apaulture
It seems like you are trying to upload a blob to a container in Azure Storage, but you are getting a permission error. The error message suggests that you need to be assigned one of the following roles: "Storage Blob Data Owner", "Storage Blob Data Contributor", or "Storage Blob Data Reader".
The Owner role should be able to upload blobs, but it's possible that the permission is not set up correctly. You can check the role assignments for your subscription by running the
az role assignment list
command.If you see that your security principal has the Owner role assigned, then it's possible that there is an issue with the authentication method you are using. The error message suggests that you can use the old authentication method and allow querying for the right account key by using the "--auth-mode" parameter and "key" value.
Here is an example command to upload a blob using the "key" authentication method:
az storage blob upload --account-name <storage-account> --account-key <storage-account-key> --container-name <container> --name <blob-name> --type block --source <file-path>
Replace
<storage-account>
,<storage-account-key>
,<container>
,<blob-name>
, and<file-path>
with your own values.I hope this helps! Let me know if you have any other questions.
For an issue like this, I'd recommend you create a support ticket since the support team will be able to respond much more quickly and have a conversation with you to figure out what could be going on.
@SaibabaBalapur-MSFT Here were the steps I took to test this issue:
Owner
role to populate baseline permissions"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
],
After running the command, the blob successfully uploaded to the specified container.
Can we therefore safely assume the Owner
role does not include permissions to upload blobs?
@apaulture Thanks for bringing this to our attention. I'm going to assign this to the document author so they can take a look at it accordingly.
@stevenmatthew Can you please check and add your comments on this doc update request as applicable.
Type of issue
Other (describe below)
Feedback
az storage blob upload --auth-mode login --container-name <container> --account-name <storage-account> --name <name> --file <file-path>
role assignment list
After assigning role
Storage Blob Data Contributor
to security principal, upload works. Shouldn'tOwner
be able to upload blobs, or is this permission required?"dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"]
Page URL
https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-cli
Content source URL
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/storage/blobs/storage-quickstart-blobs-cli.md
Author
stevenmatthew
Document Id
N/A
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.