Share via

Permission Denied Error When Testing Teams App with Azure OpenAI Studio

Greg Caron 0 Reputation points
2024-10-11T20:36:47.79+00:00

Using Azure OpenAI Studio, a deployment was created, and PDF files were uploaded for a test RAG Teams App. Interaction with the deployment in the chat playground works as expected. The Teams App is downloaded and opened locally using Visual Studio Code, and the API Key in the config.json file has been updated with the API search key.

Upon starting a Debug in Teams (Edge) session to test, entering text into the chat results in the following error:

  azureopenai:app:error   status: 401
  azureopenai:app:error } +1ms
  azureopenai:app:error {
  azureopenai:app:error   error: {
  azureopenai:app:error     code: 'PermissionDenied',
  azureopenai:app:error     message: 'Principal does not have access to API/Operation.'
  azureopenai:app:error   }
  azureopenai:app:error } +10ms

Following a tutorial from this video, the "Cognitive Services OpenAI User" role was added to the Azure account, yet the same error persists.

Has anyone successfully deployed an Azure OpenAI Studio deployment to a Teams app, and what suggestions might help resolve this issue?

Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
10,152 questions
Azure AI Search
Azure AI Search
An Azure search service with built-in artificial intelligence capabilities that enrich information to help identify and explore relevant content at scale.
1,015 questions
Azure AI services
Azure AI services
A group of Azure services, SDKs, and APIs designed to make apps more intelligent, engaging, and discoverable.
2,857 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amira Bedhiafi 24,711 Reputation points
    2024-10-11T22:03:55.1933333+00:00

    The error you're facing when testing the Azure OpenAI Studio deployment with a Teams app is often due to insufficient access control or misconfigured API credentials.

    Since you've already assigned the "Cognitive Services OpenAI User" role, it's essential to ensure that the role is assigned at the correct scope, ideally at the resource level, and to verify that the principal (app or user identity) has the necessary permissions.

    You may need to confirm that the API key in your config.json file is from the Azure OpenAI service, not the Azure Search service, as they require different keys and roles.

    If you're using VNET integration or private endpoints, ensure that your Teams app can access the OpenAI service through the correct network configurations, and there are no firewall or network restrictions.

    You might also try assigning additional roles, like "Cognitive Services Contributor," to see if broader permissions resolve the issue.

    Make sure that your API endpoint is correct and matches the OpenAI deployment region, and review detailed logs to get more insights into the cause of the error.

    With these steps, you should be able to resolve the permission problem or uncover more details to troubleshoot further.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.