Share via

request not authorized to read metadata from cosmos db analytical store.

ANKIT GHENGE 65 Reputation points
2025-01-06T14:44:18.5966667+00:00

i am getting error as error occured during snapshot metadata read phase -com.microsoft.azure.storage.storageexception: request not authorized to perform operation. details ")" when selecting the analytical store of cosmosdb. the data can be previewed properly when using transactional store. i can see the data reader role applied to synapse workspace and access provided with synapse link as enabled as well. please help to check on this more.

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
5,117 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Chandra Boorla 6,370 Reputation points Microsoft Vendor
    2025-01-06T20:32:35.7233333+00:00

    Hi @ANKIT GHENGE

    Greetings & Welcome to Microsoft Q&A forum! Thanks for posting your query!

    The error you are encountering, "request not authorized to perform operation," typically indicates that there are insufficient permissions for the operation you're trying to perform on the Azure Cosmos DB analytical store. Here are a few steps you can take to troubleshoot this issue:

    Check Role Assignment Scope - Ensure that the "Data Reader" role is assigned at the correct scope. It should be assigned at the level of the Cosmos DB account, not just at the resource group or subscription level. You can verify this in the Azure portal under the "Access control (IAM)" section of your Cosmos DB account.

    Managed Identity - If your Synapse workspace is using a managed identity, ensure that the managed identity is enabled and that it has the necessary permissions. You can check this by going to the Synapse workspace settings and looking for the "Identity" section.

    Verify Synapse Link Configuration - Make sure that the Synapse Link is properly enabled for your Cosmos DB account and that the necessary configurations are in place.

    Access Control - Confirm that the user has been granted the required access to the underlying storage account, as access issues can also stem from the storage account level.

    Network Settings - If you are using private endpoints or network isolation, ensure that the network settings allow access to the analytical store.

    User's image

    For more details, please refer to the below links:

    https://zcusa.951200.xyz/en-us/azure/synapse-analytics/troubleshoot/troubleshoot-synapse-studio-and-storage-connectivity

    https://zcusa.951200.xyz/en-us/azure/cosmos-db/synapse-link-frequently-asked-questions#security

    https://zcusa.951200.xyz/en-us/azure/synapse-analytics/sql/resources-self-help-sql-on-demand?tabs=x80070002#storage-access

    I hope this information helps. Please do let us know if you have any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.