issue in azure pipeline using azure data factory to pull data from sql-server to azure blob

Question

The client '[email protected]' with object id 'abcabcabcabcabc' does not have authorization to perform action 'Microsoft.Resources/deployments/write' over scope '/subscriptions/abcabcabc/resourcegroups/abc-01-east/providers/Microsoft.Resources/deployments/publishing-123123123123'

I was trying to create a pipeline using azure data factory to pull data from sql-server to azure blob, but i am facing the above issue while i was trying to use my integration runtime which already exsist in my azure portal.

At present I have data factory contributor role assigned to me, what other roles should I have to avoid this issue?

yes I do have access to my sql-server, and when I tried accessing azure blob from azure portal through integration run-time, even then its giving the same error.. — raghu t
I suppose that you have only read-only access to blob storage,so will you check it again? — Jay Gong
yes I have read only access, I got to know from Microsoft support that I need automation job operator, I am trying that it should work it should be able to write resource — raghu t

Jan Bols Jan Bols · Accepted Answer · 2018-09-10T09:36:09

I had a similar issue being a contributor for an ADF. With this role, you seem to be able to open the ADF UI, but the moment you try to publish anything, you get the above error. Making me a data factory contributor for that ADF didn't help.

What did help was making me a data factory contributor on the resource group level. So go to the resource group that contains the ADF, go to IAM and add you as a data factory contributor.

I also noticed, you need to close the data factory ui before IAM changes take effect.

Azure's roles are a bit of a mystery to me so it would be useful if someone could provide an explanation of how and why.

issue in azure pipeline using azure data factory to pull data from sql-server to azure blob

2 Answers