👀 Views: 58 💬 Answers: 1 📅 Created: 2025-06-07

azure azure-datalake sas-token Python

I'm stuck on something that should probably be simple. I'm attempting to set up I'm currently working on a project that involves accessing files in Azure Data Lake Storage Gen2 using Shared Access Signature (SAS) tokens... I've generated a SAS token with read permissions, but when I attempt to access the resource, I'm receiving an 'Access Denied' behavior. Here's the code I'm using to generate the SAS token: ```python from azure.storage.filedatalake import DataLakeServiceClient from datetime import datetime, timedelta account_name = 'mystorageaccount' account_key = 'myaccountkey' service_client = DataLakeServiceClient(account_url=f'https://{account_name}.dfs.core.windows.net', credential=account_key) file_system_client = service_client.get_file_system_client(file_system='myfilesystem') file_client = file_system_client.get_file_client('myfolder/myfile.txt') expiry_time = datetime.utcnow() + timedelta(hours=1) sas_token = file_client.generate_shared_access_signature( permission='r', expiry=expiry_time ) print(sas_token) ``` I then use the generated SAS token in my HTTP request like this: ```python import requests url = f'https://{account_name}.dfs.core.windows.net/myfilesystem/myfolder/myfile.txt?{sas_token}' response = requests.get(url) print(response.status_code, response.text) ``` Despite ensuring the token has the correct permissions and is not expired, I still encounter the behavior. I've double-checked that the file and folder names are correct and that the storage account allows the required permissions. Additionally, I've verified that the firewall settings permit requests from my IP address. Could this be an scenario related to the hierarchical namespace or perhaps a misconfiguration in the role assignments of the storage account? Any insights on resolving this would be greatly appreciated. Am I missing something obvious? For context: I'm using Python on Windows 10. Thanks for your help in advance!