azure-search-openai-demo icon indicating copy to clipboard operation
azure-search-openai-demo copied to clipboard

Published 20 hours ago verified publisher icon Azure-Samples

AuthorizationPermissionMismatch error on document upload

Open ntabernacle opened this issue 1 year ago • 0 comments

This issue is for a: (mark with an x)

- [X ] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

As the owner of the resource group and user that ran azd up I'm able to upload documents through the USER_UPLOAD settings in the readme. However, other users in the tenant get a permission error while trying to upload documents to be ingested. I've run the roles.sh script, recreated the storage and AI Search Index, made the user a Contributor, manually added the roles and still the error persists.

Any log messages given by the failure

'User-Agent': 'azsdk-python-storage-dfs/12.14.0 Python/3.11.10 (Linux-5.15.153.1-microsoft-standard-WSL2-x86_64-with-glibc2.36)' 'Authorization': 'REDACTED' No body was attached to the request INFO:azure.core.pipeline.policies.http_logging_policy:Response status: 403 Response headers: 'Content-Length': '227' 'Content-Type': 'application/json;charset=utf-8' 'Server': 'Windows-Azure-HDFS/1.0 Microsoft-HTTPAPI/2.0' 'x-ms-error-code': 'AuthorizationPermissionMismatch' 'x-ms-request-id': '81fa3302-b01f-0093-3c66-15cb19000000' 'x-ms-version': 'REDACTED' 'x-ms-client-request-id': '60e8dd6c-8159-11ef-bf27-0242ac110002' 'Date': 'Thu, 03 Oct 2024 07:30:34 GMT' ERROR:app:Exception on request POST /upload Traceback (most recent call last): File "/workspaces/ai-hub/.venv/lib/python3.11/site-packages/quart/app.py", line 1376, in handle_request return await self.full_dispatch_request(request_context) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/workspaces/ai-hub/.venv/lib/python3.11/site-packages/quart/app.py", line 1414, in full_dispatch_request result = await self.handle_user_exception(error) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/workspaces/ai-hub/.venv/lib/python3.11/site-packages/quart/app.py", line 1007, in handle_user_exception raise error File "/workspaces/ai-hub/.venv/lib/python3.11/site-packages/quart/app.py", line 1412, in full_dispatch_request result = await self.dispatch_request(request_context) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/workspaces/ai-hub/.venv/lib/python3.11/site-packages/quart/app.py", line 1506, in dispatch_request return await self.ensure_async(handler)(**request_.view_args) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/workspaces/ai-hub/app/backend/decorators.py", line 53, in auth_handler return await route_fn(auth_claims) ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/workspaces/ai-hub/app/backend/app.py", line 269, in upload await user_directory_client.set_access_control(owner=user_oid, permissions='rwx------') File "/workspaces/ai-hub/.venv/lib/python3.11/site-packages/azure/core/tracing/decorator_async.py", line 88, in wrapper_use_tracer return await func(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/workspaces/ai-hub/.venv/lib/python3.11/site-packages/azure/storage/filedatalake/aio/_path_client_async.py", line 334, in set_access_control process_storage_error(error) File "/workspaces/ai-hub/.venv/lib/python3.11/site-packages/azure/storage/filedatalake/_deserialize.py", line 221, in process_storage_error exec("raise error from None") # pylint: disable=exec-used # nosec ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "", line 1, in azure.core.exceptions.HttpResponseError: () This request is not authorized to perform this operation using this permission. RequestId:81fa3302-b01f-0093-3c66-15cb19000000 Time:2024-10-03T07:30:34.9735835Z Code: AuthorizationPermissionMismatch AuthorizationPermissionMismatch Message: This request is not authorized to perform this operation using this permission. RequestId:81fa3302-b01f-0093-3c66-15cb19000000 Time:2024-10-03T07:30:34.9735835Z

Expected/desired behavior

User can upload documents as I can.

OS and Version?

All including web app.

azd version?

Versions

Mention any other details that might be useful

.env setup:

AZURE_ENFORCE_ACCESS_CONTROL="true" AZURE_ENABLE_GLOBAL_DOCUMENT_ACCESS="true" AZURE_USE_AUTHENTICATION="true" USE_LOGIN="false" USE_USER_UPLOAD="true"

(Storage and Userstorage env also are set)

Thanks! We'll be in touch soon.

ntabernacle avatar Oct 03 '24 09:10 ntabernacle