Comments (10)
Locally, the app uses your user credential, but when deployed, the app uses the app service's managed identity, so its certainly possible for a permission error to happen.
Here is the corresponding infrastructure from main.bicep that sets up the managed identity for acessing storage:
module storageRoleBackend 'core/security/role.bicep' = {
scope: storageResourceGroup
name: 'storage-role-backend'
params: {
principalId: backend.outputs.identityPrincipalId
roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'
principalType: 'ServicePrincipal'
}
}
Please double check that your app has that role assigned to it.
from azure-search-openai-demo.
Hi Pamela,
Thanks for the reply.
About Please double check that your app has that role assigned to it.
:
If the blob storage and web app has already set up, how to set up the managed identity to access storage?
- Is it inside the
Access control (IAM)
? - I need to change the setting for blob storage or web app?
- Which setting should I change?
Update:
Figure it out by myself, no like the role assignment to user, after deploying online, it relays on the Identify
of the web app (also the entry name).
For more details, I make the changes based on following link:
https://tech-tutes.com/2021/03/18/access-azure-blob-storage-using-azure-ad-managed-identity/
from azure-search-openai-demo.
Same issue here. How did you solve this?
from azure-search-openai-demo.
same issue here. Any ideas on how to solve this?
from azure-search-openai-demo.
Same for me, was working. loaded more files in and now not
from azure-search-openai-demo.
above Internal Server Error for citation resolved...?
from azure-search-openai-demo.
Please check the logs for the web server and see if you can see a precise error. Please paste the error here.
from azure-search-openai-demo.
Please check the logs for the web server and see if you can see a precise error. Please paste the error here.
Hi, here is my error log. The strange thing is that I can use the citation locally but cannot view it after deploy it. Any suggestions? Thanks.
azure.core.exceptions.HttpResponseError: This request is not authorized to perform this operation using this permission.
from azure-search-openai-demo.
Hi Pamela, Thanks for the reply. About
Please double check that your app has that role assigned to it.
: If the blob storage and web app has already set up, how to set up the managed identity to access storage?* Is it inside the `Access control (IAM)`? * I need to change the setting for blob storage or web app? * Which setting should I change?
Update: Figure it out by myself, no like the role assignment to user, after deploying online, it relays on the
Identify
of the web app (also the entry name). For more details, I make the changes based on following link: https://tech-tutes.com/2021/03/18/access-azure-blob-storage-using-azure-ad-managed-identity/
can please provide more details on what you did, i already have the identity added but it is still showing me the internal server error. Thanks.
from azure-search-openai-demo.
If you are seeing an internal server error, please first check the App Service logs (see FAQ for how to do that) to see the exact error. Once you have the exact error, share that here or in a new issue if you need help understanding it.
from azure-search-openai-demo.
Related Issues (20)
- Understand file structure in blob storage HOT 4
- Answer won't search global content blob HOT 1
- Connect user with their Onedrive/Sharepoint data HOT 3
- openai.error.AuthenticationError: Principal does not have access to API/Operation HOT 1
- How to make user uploaded files globally available to all the users using ChatApp. HOT 2
- suggestions for ways to give access to resources in main storage HOT 1
- Setting up optional login HOT 3
- Should `AAD` be changed to `Azure Entra ID`? HOT 2
- Deleting The "ASK" tab HOT 1
- Search resource fails in swedencentral HOT 1
- Use "evaluation app" when the login is required in the "chat app" HOT 2
- Advanced RAG
- Chat answer layout differs in oai from deployment HOT 1
- I am not able to change the "Retrieval mode" in the UX
- Request for company Azure account (needed to get Azure OpenAI account) fails.
- Supporting files with apostrophy / punctuation mark in the file name HOT 3
- local running error: Incomplete environment configuration for EnvironmentCredential. HOT 3
- Error in login_and_acl.md when using ./script/manage.acl should be --document, not --url HOT 4
- adlsgen2setup fails three bugs - 1. cannot set AZURE_ADLS_GEN2_STORAGE_ACCOUNT 2. ./data/* should be ./data in adlsgensetup.sh and 3. Code changes required in adlsgensetup.py HOT 1
- Can we get some examples for AZURE_ADLS_GEN2_FILESYSTEM_PATH and how to use it in documentation please HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azure-search-openai-demo.