Dec 16 2021 10:27 PM
Hello,
We have an Azure Data Lake storage account (Gen2) in Tenant A, and an Azure Data Factory V2 (ADF) in Tenant B. We want to create a storage event trigger in Tenant B ADF, on the Tenant A Storage Account (SA), so that a pipeline run is triggered when a blob is created in Tenant A SA.
We tried creating a trigger in Tenant B ADF, but it failed with the below error:
Error code: Forbidden
Inner error code: LinkedAuthorizationFailed
Message: The client has permission to perform action 'Microsoft.EventGrid/EventSubscriptions/Write' on scope '/subscriptions/{tenant-b-adf-subscription-id}/resourcegroups/{tenant-b-adf-resourcegroup}/providers/Microsoft.DataFactory/factories/{tenant-b-adf-name}/triggers/triggerTest2', however the current tenant '{tenant-b-tenant-id}' is not authorized to access linked subscription '{tenant-a-sa-subscription-id}'.
If the client (an AD user) in Tenant B were to have necessary permissions on Tenant A, would this approach work? If not, what could be the other possible options? Open to all suggestions. Thank you.