Service Principle cannot access ADLS

Question

Service Principle cannot access ADLS

Christoper Wulur (ext) 0

Could you help me debug

Service Principle has been granted a Storage Blob Data Contributor on the storage account level. However, it cant access the container, 403

Request ID: 9f415b7e-601f-0018-16f1-eb704e000000

1 answer

Your answer

Answer 1

Amira Bedhiafi 35,766 Volunteer Moderator

Hello Christopher !

Thank you for posting on Microsoft Learn.

Are you authenticating with Azure AD token using the Service Principal?

If you are using tools like azcopy, Python SDK, or Azure CLI, you need to make sure that you're authenticating like this:

az login --service-principal -u <appId> -p <secret> --tenant <tenantId>

ADLS Gen2 uses RBAC (Azure Role-Based Access Control) and POSIX-style ACLs.

Even if the Service Principal has Storage Blob Data Contributor at the storage account level, you must also set ACLs on the container and/or folders if you're accessing Data Lake Gen2 hierarchical namespaces.

Also, if the storage account has Hierarchical Namespace enabled (HNS = true), ACLs are mandatory.

Nandamuri Pranay Teja 4,445 Reputation points Microsoft External Staff Moderator

2025-07-04T04:36:11.65+00:00

Hello Christopher !

Just checking in to see if the provided answer helped. If this answers your query, do click "Accept the answer” for the same, which might be beneficial to other community members reading this thread. And, if you have any further queries do let us know.
Nandamuri Pranay Teja 4,445 Reputation points Microsoft External Staff Moderator

2025-07-07T02:42:46.46+00:00

Hello Christopher !

I wanted to follow up and see if the given answer was helpful. If this resolves your issue, please click "Accept the answer" for it, which could help other community members who read this thread. And, if you have any more questions, please let us know.

Share via

Service Principle cannot access ADLS

1 answer

Your answer