Skip to main content

Authorization Permission Mismatch error with Azure Storage

· One min read
Luke Murray
Luke Murray
Author

When attempting to copy files in an Azure DevOps pipeline to an Azure Storage account, I received the following error:

warning

##[error]Upload to container: 'StorageContainer' in storage account: 'ContosoStorageAccount' with blob prefix: '736' failed with error: 'AzCopy.exe exited with non-zero exit code while uploading files to blob storage.' For more info please refer to https://aka.ms/azurefilecopyreadme.

After reviewing the Azure DevOps raw pipeline logs I noticed the following:

warning

2024-05-06T06:25:34.1051117Z -------------------------------------------------------------------------------- 2024-05-06T06:25:34.1052461Z RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. 2024-05-06T06:25:34.1053291Z ERROR CODE: AuthorizationPermissionMismatch 2024-05-06T06:25:34.1055333Z --------------------------------------------------------------------------------

The fix was to make sure that the Service Principal that Azure DevOps is using to read/write to the Azure Storage account has the correct permissions to the Data plane *not just the Management plane.

In my case, I needed to assign the Storage Blob Data Contributor role to the Service Principal.