Trouble with Azure Data Lake Storage Gen2: Access Denied Error When Using Azure Functions
I'm working through a tutorial and I'm currently developing an Azure Function that processes files uploaded to Azure Data Lake Storage Gen2... However, I keep encountering an access denied error when the function tries to read from the storage account. The error message I receive is:

`User 'my-function-identity@mytenant.onmicrosoft.com' does not have 'Storage Blob Data Reader' permission on 'my-container/path/to/file.txt'.`

I've ensured that the Azure Function's identity is enabled and have assigned it the 'Storage Blob Data Reader' role at the container level in Azure IAM. Here's how I set it up in the Azure portal:

1. Navigated to the Data Lake Storage account.
2. Selected 'Access control (IAM)'.
3. Clicked on 'Add Role Assignment'.
4. Chose 'Storage Blob Data Reader' and assigned it to the function's managed identity.

I also checked that the Azure Function is set to use the correct identity by inspecting the `local.settings.json` file where I have this configuration:

```json
{
  "IsEncrypted": false,
  "Values": {
    "AzureWebJobsStorage": "<my-storage-connection-string>",
    "FUNCTIONS_WORKER_RUNTIME": "dotnet",
    "AzureWebJobs:Storage:AccountName": "my-storage-account",
    "AzureWebJobs:Storage:AccountKey": "<my-account-key>",
    "AzureWebJobs:Storage:EndpointSuffix": "core.windows.net"
  }
}
```

I've also tried clearing the cache and re-deploying the function without any success. Could there be something I'm missing in terms of permissions or configuration? Is there a specific scope that I need to pay attention to when assigning roles for Data Lake Storage Gen2? Any insights would be greatly appreciated!

My development environment is Ubuntu 20.04. Any feedback is welcome! The project is an application built with C#. What are your experiences with this? Any suggestions would be helpful.
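On the scope question in the post above, an added example (not part of the original post): a check of whether any role assignment actually grants a given principal blob read access at a container. It assumes records with the `principalId`, `roleDefinitionName` and `scope` fields that `az role assignment list -o json` emits; the IDs, resource group and sample assignments are constructed, and custom roles are not considered.

```python
# Built-in roles that carry blob read data actions. Assumption: custom roles are ignored.
READ_ROLES = {"Storage Blob Data Reader", "Storage Blob Data Contributor",
              "Storage Blob Data Owner"}

def container_scope(sub, rg, account, container):
    """ARM resource ID of a blob container, the narrowest scope for these roles."""
    return (f"/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Storage"
            f"/storageAccounts/{account}/blobServices/default/containers/{container}")

def covers(assignment_scope, target_scope):
    """An assignment applies to its own scope and to every scope beneath it."""
    a, t = assignment_scope.rstrip("/").lower(), target_scope.rstrip("/").lower()
    # Compare on a path boundary so 'my-container' does not match 'my-container-archive'.
    return t == a or t.startswith(a + "/")

def read_grants(assignments, principal_id, target_scope):
    """Assignments that give principal_id blob read access at target_scope."""
    return [a for a in assignments
            if a["principalId"] == principal_id
            and a["roleDefinitionName"] in READ_ROLES
            and covers(a["scope"], target_scope)]

# Constructed sample data: every ID and the resource group are placeholders.
SUB, RG, ACCOUNT = "00000000-0000-0000-0000-000000000000", "rg-example", "my-storage-account"
FUNC_ID = "11111111-1111-1111-1111-111111111111"   # the function's managed identity
USER_ID = "22222222-2222-2222-2222-222222222222"   # some other principal
ACCOUNT_SCOPE = (f"/subscriptions/{SUB}/resourceGroups/{RG}/providers/Microsoft.Storage"
                 f"/storageAccounts/{ACCOUNT}")
TARGET = container_scope(SUB, RG, ACCOUNT, "my-container")
ARCHIVE = container_scope(SUB, RG, ACCOUNT, "my-container-archive")
SAMPLE = [
    # Control-plane 'Reader' has no data actions, so it never grants blob reads.
    {"principalId": FUNC_ID, "roleDefinitionName": "Reader", "scope": ACCOUNT_SCOPE},
    # Right role, but scoped to a different container.
    {"principalId": FUNC_ID, "roleDefinitionName": "Storage Blob Data Reader", "scope": ARCHIVE},
    # Right role and an inherited scope, but assigned to a different principal.
    {"principalId": USER_ID, "roleDefinitionName": "Storage Blob Data Reader",
     "scope": ACCOUNT_SCOPE},
]

if __name__ == "__main__":
    for pid in (FUNC_ID, USER_ID):
        hits = read_grants(SAMPLE, pid, TARGET)
        print(pid, "->", [h["scope"] for h in hits] or "no blob read grant at target")
```
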