3
votes

I have a storage account in Azure with ADLS Gen2 (hierarchy enabled). I have created an app and a service principal. I have also created a container in the storage account and a folder inside that container. Using ACLs, I have given execute permission to the container and read and write permission to the folder.

I am able to copy data using azcopy to the directory I have created inside the container.

I would like to list the data I have copied. Since azcopy list does not work, I tried using the REST API.

Using a POST request to https://login.microsoftonline.com//oauth2/v2.0/token

- client_id : app_id
- client_secret : secret
- grant_type : client_credentials
- scope : https://storage.azure.com/.default

I get a token. When I use this token here https:///?directory=&resource=filesystem&recursive=true

- Authorization = Bearer
- x-ms-version : 2019-02-02

I get this error

{
    "error": {
        "code": "AuthorizationPermissionMismatch",
        "message": "This request is not authorized to perform this operation using this permission.\nRequestId:0cd2e016-601f-003b-5fbe-5870a7000000\nTime:2019-08-22T07:50:06.5848071Z"
    }
}

What am I missing here?

1
Have you assigned an RBAC role to the service principal? For more details, please refer to docs.microsoft.com/en-us/azure/storage/blobs/…. – user10182254
No, I don't think that is important, as azcopy is working. – Nipun
Is it that you can use the service principal to log in to azcopy and then use azcopy to copy files to your storage account? – user10182254
I was looking at listing, as azcopy list does not work. – Nipun

1 Answer

1
votes

It requires **Read and Execute** permission to list the content of the directory.

I would suggest you give both Read & Execute permissions to the application.


Reference:

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/blobs/data-lake-storage-access-control.md

Please try and see if it works.
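
The rule from the answer, as an added example that is not part of the original answer or of any Azure code: a simplified Python model of the ACL check for listing a directory, including the mask that limits named-user entries. It assumes the service principal has no RBAC data role, is not the owner and belongs to no group; the object ID, the path `/folder` and the ACL strings are constructed.

```python
# Simplified model of ADLS Gen2 ACL evaluation for listing a directory (added example).
# Assumed: caller has no RBAC data role, is not the owner, and is in no group.

SP = "11111111-1111-1111-1111-111111111111"  # constructed service principal object ID


def effective_perms(acl, object_id):
    """Effective r/w/x for object_id from a short-form ACL string."""
    named, mask, other = None, "rwx", "---"
    for entry in acl.split(","):
        fields = entry.strip().split(":")
        if len(fields) != 3:      # skip "default:..." entries (they only seed children)
            continue
        scope, qualifier, perms = fields
        if scope == "user" and qualifier == object_id:
            named = perms
        elif scope == "mask":
            mask = perms
        elif scope == "other":
            other = perms
    if named is None:             # no named-user entry: "other" applies, unmasked
        return set(other) - {"-"}
    return (set(named) & set(mask)) - {"-"}   # named users are limited by the mask


def can_list(directory, acls, object_id):
    """Return (allowed, reason). acls maps '/' (container root) and each directory to its ACL."""
    parts = [p for p in directory.split("/") if p]
    chain = ["/"] + ["/" + "/".join(parts[: i + 1]) for i in range(len(parts))]
    *ancestors, target = chain
    for path in ancestors:        # traversal needs x on every parent, container root included
        if "x" not in effective_perms(acls[path], object_id):
            return False, f"missing x on {path}"
    missing = {"r", "x"} - effective_perms(acls[target], object_id)
    if missing:
        return False, f"missing {''.join(sorted(missing))} on {target}"
    return True, "ok"


# Constructed ACLs. "question": x on the container, rw- on the folder, as described above.
question = {"/": f"user::rwx,user:{SP}:--x,group::r-x,mask::rwx,other::---",
            "/folder": f"user::rwx,user:{SP}:rw-,group::r-x,mask::rwx,other::---"}
# "answer": folder entry changed to r-x (Read and Execute).
answer = {**question, "/folder": f"user::rwx,user:{SP}:r-x,group::r-x,mask::rwx,other::---"}
# "masked": the entry grants r-x, but a restrictive mask strips x again.
masked = {**question, "/folder": f"user::rwx,user:{SP}:r-x,group::r-x,mask::r--,other::---"}

if __name__ == "__main__":
    for name, acls in (("question", question), ("answer", answer), ("masked", masked)):
        print(name, can_list("/folder", acls, SP))
```

The `masked` case is worth checking on a real account when an ACL entry looks correct but listing still fails: the effective permission is the entry intersected with the mask.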