由于 AuthorizationPermissionMismatch,无法访问存储队列 receiveMessages
Can't Access Storage Queue receiveMessages due AuthorizationPermissionMismatch
我已经使用 ClientSecretCredential 访问了 Azure 存储队列方法,但是在访问
队列 receiveMessages、队列 peekMessages 和 deleteMessages 它给我错误
RestError: This request is not authorized to perform this operation using this permission.
RequestId:c92577923e-a603-0004-61c0-f70a19000
这是我的节点 js 代码
const { QueueServiceClient } = require("@azure/storage-queue");
const { ClientSecretCredential } = require("@azure/identity");
async function getQueueMessages() {
try {
let myStorageAccount = "hellostorage";
const credential = new ClientSecretCredential(tenantId, app_id, SecretKey);
const queueServiceClient = new QueueServiceClient(
`https://${myStorageAccount}.queue.core.windows.net`,
credential
);
const queueName = "hello-queue";
const queueClient = queueServiceClient.getQueueClient(queueName);
const response = await queueClient.receiveMessages(10);
console.log("response: ", response);
} catch (error) {
console.log("error: ", error);
}
}
getQueueMessages();
这是我的应用权限
您分享的屏幕截图实质上允许您的服务委托人为您的存储帐户获取令牌。它没有授予您对存储帐户执行操作的权限,这就是您收到此错误的原因。
您需要做的是在存储帐户上向您的服务主体授予适当的数据相关权限。请参阅此 link,了解您必须分配给服务主体以执行数据相关操作的适当 RBAC 角色:https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#manage-access-rights-with-rbac。
您可以尝试使用 Storage Queue Data Message Processor or Storage Queue Data Contributor 个角色。
应用适当的角色后,您应该能够执行这些操作。
我已经使用 ClientSecretCredential 访问了 Azure 存储队列方法,但是在访问 队列 receiveMessages、队列 peekMessages 和 deleteMessages 它给我错误
RestError: This request is not authorized to perform this operation using this permission. RequestId:c92577923e-a603-0004-61c0-f70a19000
这是我的节点 js 代码
const { QueueServiceClient } = require("@azure/storage-queue");
const { ClientSecretCredential } = require("@azure/identity");
async function getQueueMessages() {
try {
let myStorageAccount = "hellostorage";
const credential = new ClientSecretCredential(tenantId, app_id, SecretKey);
const queueServiceClient = new QueueServiceClient(
`https://${myStorageAccount}.queue.core.windows.net`,
credential
);
const queueName = "hello-queue";
const queueClient = queueServiceClient.getQueueClient(queueName);
const response = await queueClient.receiveMessages(10);
console.log("response: ", response);
} catch (error) {
console.log("error: ", error);
}
}
getQueueMessages();
这是我的应用权限
您分享的屏幕截图实质上允许您的服务委托人为您的存储帐户获取令牌。它没有授予您对存储帐户执行操作的权限,这就是您收到此错误的原因。
您需要做的是在存储帐户上向您的服务主体授予适当的数据相关权限。请参阅此 link,了解您必须分配给服务主体以执行数据相关操作的适当 RBAC 角色:https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#manage-access-rights-with-rbac。
您可以尝试使用 Storage Queue Data Message Processor or Storage Queue Data Contributor 个角色。
应用适当的角色后,您应该能够执行这些操作。