I am executing a pipeline within my CI/CD environment in DevOps. I am trying to push changes from our UAT environment to our Prod environment. Everything appears to be working fine in our UAT environment, but when I try to execute the YAML code below in the adf_publish branch, I get this error in Azure DevOps:
HTTP Status Code: Forbidden Error Code: AuthorizationFailed Error
| Message: The client '5230e451-6413-4625-8638-867930a514ce' with object
| id '5230e451-6413-4625-8638-86xxxxxa514ce' does not have authorization to
| perform action 'Microsoft.DataFactory/factories/triggers/read' over
| scope
| '/subscriptions/5fa2700d-738a-444e-xxxxxx241a29d08d/resourceGroups/caplogic-warehouse-prod-rg/providers/Microsoft.DataFactory/factories/caplogic-warehouse-prod-df' or the scope is invalid. If access was recently granted, please refresh your credentials. Request Id: 612eedb8-cc4d-4d17-a917-78c09xxxxxefc Timestamp
- task: AzurePowerShell@5
  inputs:
    azureSubscription: 'ConnectionNew2025'
    ScriptType: 'FilePath'
    ScriptPath: '$(System.DefaultWorkingDirectory)/caplogic-warehouse-dev-df/PrePostDeploymentScript.ps1'
    ScriptArguments: '-armTemplate "$(System.DefaultWorkingDirectory)/caplogic-warehouse-dev-df/ARMTemplateForFactory.json" -ResourceGroupName $(ResourceGroupPrd) -DataFactoryName $(DataFactoryPrd) -predeployment $true -deleteDeployment $false'
    azurePowerShellVersion: 'LatestVersion'
This is extremely strange, as I don't have the same issue with any of the other ADFs.
asked Feb 24 at 16:48 by Patterson, edited Feb 24 at 16:56 by marc_s

1 Answer
The error message has clearly stated that the Service Principal (or Managed Identity) used by the Azure Resource Manager service connection does not have the Reader role permission on the target ADF.

To read the child resources for Data Factory (such as datasets, linked services, pipelines, triggers, and integration runtimes) using a Service Principal (or Managed Identity), you need to ensure the Service Principal (or Managed Identity) has any of the following roles assigned:

- The Reader role assigned at the ADF level.
- The Reader role assigned at the Resource Group level or above. By default, the Reader role will be automatically inherited to the ADF level under the Resource Group.

If you want to manage (create, edit, and delete) the child resources for Data Factory using a Service Principal (or Managed Identity) with PowerShell, you can assign the Contributor role to the Service Principal (or Managed Identity) at the ADF level or above.
For more details, see "Roles and permissions for Azure Data Factory".
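
Why Reader at either the ADF or the Resource Group level satisfies the denied triggers/read action, as an added example (not part of the original answer and not Azure's own code): a simplified Python model of how a role's action patterns and an assignment's scope are evaluated. The role excerpts, placeholder GUIDs and function names are assumptions for illustration, and deny assignments and conditions are not modelled.

```python
import re

# Simplified excerpts of two Azure built-in roles (assumption: only the fields
# needed here; the real definitions carry more NotActions and metadata).
ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Contributor": {"actions": ["*"], "not_actions": [
        "Microsoft.Authorization/*/Delete", "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action"]},
}

# Constructed sample shaped like the wrapped pipeline log in the question;
# the GUIDs are placeholders, the resource names are the ones from the page.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/caplogic-warehouse-prod-rg"
ADF = RG + "/providers/Microsoft.DataFactory/factories/caplogic-warehouse-prod-df"
ERROR = ("Message: The client '11111111-1111-1111-1111-111111111111' with object\n"
         "| id '11111111-1111-1111-1111-111111111111' does not have authorization to\n"
         "| perform action 'Microsoft.DataFactory/factories/triggers/read' over\n"
         "| scope\n| '" + ADF + "' or the scope is invalid.")

def parse_authorization_failed(message):
    """Return the principal, denied action and scope named in the error text."""
    flat = re.sub(r"\s*\n\|\s*", " ", message)  # undo the "| " line wrapping
    m = re.search(r"object id '([^']+)'.*?action '([^']+)' over scope '([^']+)'", flat)
    if not m:
        raise ValueError("not an AuthorizationFailed message")
    return {"object_id": m.group(1), "action": m.group(2), "scope": m.group(3)}

def _matches(pattern, action):
    # "*" in a role definition matches any run of characters; case-insensitive.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.I) is not None

def role_allows(role, action):
    d = ROLES[role]
    return (any(_matches(p, action) for p in d["actions"])
            and not any(_matches(p, action) for p in d["not_actions"]))

def scope_covers(assigned, target):
    """An assignment applies at its own scope and is inherited by child scopes."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def is_authorized(assignments, action, scope):
    """assignments: (role name, scope) pairs held by the service principal."""
    return any(role_allows(r, action) and scope_covers(s, scope)
               for r, s in assignments)
```

Feeding the parsed action and scope to is_authorized with an empty assignment list reproduces the denial; adding ("Reader", RG) or ("Reader", ADF) clears it, while a write action on the same factory still needs Contributor.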
Service Principal (or Managed Identity) used by the Azure Resource Manager service connection on the target ADF? Does it work after assigning the required role permission? @Patterson – Bright Ran-MSFT Commented Feb 28 at 9:19