Storage event trigger - cross tenant


Hello,

We have an Azure Data Lake storage account (Gen2) in Tenant A, and an Azure Data Factory V2 (ADF) in Tenant B. We want to create a storage event trigger in the Tenant B ADF on the Tenant A Storage Account (SA), so that a pipeline run is triggered when a blob is created in the Tenant A SA.

We tried creating a trigger in Tenant B ADF, but it failed with the below error:

Error code: Forbidden
Inner error code: LinkedAuthorizationFailed
Message: The client has permission to perform action 'Microsoft.EventGrid/EventSubscriptions/Write' on scope '/subscriptions/{tenant-b-adf-subscription-id}/resourcegroups/{tenant-b-adf-resourcegroup}/providers/Microsoft.DataFactory/factories/{tenant-b-adf-name}/triggers/triggerTest2', however the current tenant '{tenant-b-tenant-id}' is not authorized to access linked subscription '{tenant-a-sa-subscription-id}'.

If the client (an AD user) in Tenant B were to have the necessary permissions on Tenant A, would this approach work? If not, what could be the other possible options? Open to all suggestions. Thank you.

0 Replies