Forum Discussion
Principal Does Not Have Access to API/Operation
Hi all,
I am trying to connect Azure OpenAI service to Azure AI Search service to Azure Gen 2 Data lake. In the Azure AI Foundry studio Chat Playground, I am able to add my data source, which is a .csv file in the data lake that has been indexed successfully.
I use "System Assigned Managed Identity".
The following RBAC has been applied:
- AI Search service has Cognitive Services OpenAI Contributor in Azure OpenAI service
- Azure OpenAI service has Search Index Data Reader in AI Search Service
- Azure OpenAI service has Search Service Contributor in AI Search Service
- AI Search Service has Storage Blob Data Reader in Storage account (Data Lake)
As mentioned, when adding the data source it passes validation, but when I try to ask a question, I get the error:
"We couldn't connect your data
Principal does not have access to API/Operation"
9 Replies
- ml4u (Copper Contributor)
Double-checking RBAC roles and ensuring that the necessary permissions are granted is crucial. Adding the "Search Index Data Reader" role to the System Managed Identity for the Azure OpenAI Service has worked for some users. Also, verify that the service principal has the required access to the Azure services you're using.
- ml4u (Copper Contributor)
It seems that adding the "Search Index Data Reader" role to the System Managed Identity for the Azure OpenAI Service resolved the issue for some users. It's also important to double-check the RBAC roles and ensure that the necessary permissions are granted. This should help in connecting Azure OpenAI service to Azure AI Search service and Azure Gen 2 Data Lake.
- ml4u (Copper Contributor)
The error message suggests a permissions issue. Ensure that the System Assigned Managed Identity has the necessary roles assigned with the appropriate scope. Verify the RBAC roles for Azure OpenAI, AI Search, and the Data Lake to confirm they align with the required access levels. Additionally, check the configuration settings in the Azure AI Foundry studio. If the issue persists, consider reaching out to Azure support with detailed logs and configurations for further assistance.
- ml4u (Copper Contributor)
The "Principal does not have access to API/Operation" error often indicates a permissions issue. Ensure that the System Assigned Managed Identity has the necessary roles assigned at the appropriate scope. Double-check the RBAC roles for Azure OpenAI, AI Search, and the Data Lake to confirm they align with the required access levels. It's also worth verifying the configuration settings in the Azure AI Foundry studio. If the issue persists, reaching out to Azure support with detailed logs and configurations can help resolve the problem.
- Dai_Webb (Copper Contributor)
I get the same error when trying to add a data source linked to a Storage Account (blob storage). I've checked the RBAC several times, all seems to be correct. Also using System Assigned Managed Identities.
- anand191 (Copper Contributor)
Facing the exact same issue as well!!
- ml4u (Copper Contributor)
Thank you for sharing this issue. It seems like there might be a permissions or configuration problem. I recommend double-checking the RBAC roles and ensuring that the necessary permissions are granted for the services and data sources you're trying to connect. Additionally, verify that the System Assigned Managed Identity has the appropriate access to the resources. If the issue persists, consider reaching out to Azure support for further assistance.
- anand191 (Copper Contributor)
Adding Search Index Data Reader to the System Managed Identity of Azure OpenAI Service fixed this issue for me. However, when using a Storage Blob Container as the data source, with PDFs as the document type, I can only use Keyword chunking. Vectorization fails!! I will definitely attempt again after preprocessing the documents and extracting the PDFs into a more structured format, but in the meantime, any idea what might be happening here? The error is something like "The file is corrupted or format is unsupported".
- CSobole (Copper Contributor)
Having this exact issue.
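
An offline check of the role matrix discussed in this thread, added here as an example (not code from any poster or from Microsoft): it compares role assignments, in the shape returned by `az role assignment list` (`principalId`, `roleDefinitionName`, `scope`), against the four assignments listed in the original post, and treats an assignment made at a parent scope as inherited. The resource names, IDs and helper names are constructed placeholders.

```python
# Role matrix from the original post: (identity, role name, target resource).
REQUIRED = [
    ("search", "Cognitive Services OpenAI Contributor", "openai"),
    ("openai", "Search Index Data Reader", "search"),
    ("openai", "Search Service Contributor", "search"),
    ("search", "Storage Blob Data Reader", "storage"),
]

def scope_covers(assigned, target):
    """True if an assignment at `assigned` applies to `target` (same or ancestor scope)."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    # Require a "/" boundary so that srch-demo does not match srch-demo2.
    return t == a or t.startswith(a + "/")

def missing_roles(assignments, principals, resources):
    """Return REQUIRED entries with no assignment for that identity, role and scope."""
    missing = []
    for who, role, target in REQUIRED:
        if not any(
            a["principalId"].lower() == principals[who].lower()
            and a["roleDefinitionName"] == role
            and scope_covers(a["scope"], resources[target])
            for a in assignments
        ):
            missing.append((who, role, target))
    return missing

# Constructed sample data (placeholder subscription, names and principal IDs).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
RESOURCES = {
    "openai": RG + "/providers/Microsoft.CognitiveServices/accounts/aoai-demo",
    "search": RG + "/providers/Microsoft.Search/searchServices/srch-demo",
    "storage": RG + "/providers/Microsoft.Storage/storageAccounts/stdemo",
}
PRINCIPALS = {"openai": "11111111-1111-1111-1111-111111111111",
              "search": "22222222-2222-2222-2222-222222222222"}

def _assignment(who, role, scope):
    return {"principalId": PRINCIPALS[who], "roleDefinitionName": role, "scope": scope}

SAMPLE = [
    _assignment("search", "Cognitive Services OpenAI Contributor", RESOURCES["openai"]),
    _assignment("openai", "Search Service Contributor", RESOURCES["search"]),
    _assignment("search", "Storage Blob Data Reader", RG),  # inherited from resource group
    _assignment("openai", "Search Index Data Reader", RESOURCES["search"] + "2"),  # wrong service
]

if __name__ == "__main__":
    for who, role, target in missing_roles(SAMPLE, PRINCIPALS, RESOURCES):
        print(f"MISSING: {who} identity needs '{role}' on {target}")
```

On the sample data the only gap reported is Search Index Data Reader for the Azure OpenAI identity on the search service, because the sample assignment was made on a different, similarly named service.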