
Microsoft.Azure.OperationalInsights returns 'Forbidden' message for service principal


I am trying to read insights of a resource in Azure. I am getting the error:

Operation returned an invalid status code 'Forbidden'

The service principal has been given the 'Log Analytics Reader' role on the subscription of the workspace.

Microsoft.Azure.Management.ResourceManager.Fluent.Authentication.AzureCredentials credentials =
 Microsoft.Azure.Management.ResourceManager.Fluent.SdkContext.AzureCredentialsFactory.FromServicePrincipal(
 "clientId", 
 "clientSecret", 
 "tenantId", 
 Microsoft.Azure.Management.ResourceManager.Fluent.AzureEnvironment.AzureGlobalCloud);

var client = new Microsoft.Azure.OperationalInsights.OperationalInsightsDataClient(credentials);
client.WorkspaceId = @"workspaceId";
var results = client.QueryWithHttpMessagesAsync("union * | take 5").Result;

The solution to status code: unauthorised is using delegated permissions, but I need an authentication token without user interaction.


Solution

  • As you have given the service principal the 'Log Analytics Reader' role on the subscription, you need to give the API permission to your service principal as well.

    • Go to your service principal > API permission > Add permission > APIs my organization uses. Search for Log Analytics API.

    • And add the below permission to your service principal.

    • And grant admin consent to your service principal for the API permission.

    Once you have granted the permission to the service principal, you will be able to read the logs.

    For more information on doing the same thing using PowerShell, please refer to this blog.
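
A diagnostic check for the 'Forbidden' response discussed above, as an added example that is not part of the original question or answer: it decodes an app-only access token and reports whether its audience and `roles` claim show that the API permission and admin consent took effect. The resource URI `https://api.loganalytics.io`, the permission name `Data.Read` and every name in the code are assumptions not stated on this page; the sample tokens are constructed and unsigned.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenCheck
{
    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Decode the JWT payload (second segment). Diagnostic only: the signature is not verified.
    static JsonElement Payload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected header.payload.signature");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64))).RootElement;
    }

    // audience and role are assumptions supplied by the caller, not values from the page.
    public static string Diagnose(string jwt, string audience, string role)
    {
        JsonElement p = Payload(jwt);
        string aud = p.TryGetProperty("aud", out JsonElement a) && a.ValueKind == JsonValueKind.String
            ? a.GetString() ?? "" : "";
        if (!string.Equals(aud.TrimEnd('/'), audience.TrimEnd('/'), StringComparison.OrdinalIgnoreCase))
            return $"wrong audience '{aud}'";
        string[] roles = p.TryGetProperty("roles", out JsonElement r) && r.ValueKind == JsonValueKind.Array
            ? r.EnumerateArray().Select(x => x.GetString() ?? "").ToArray()
            : Array.Empty<string>();
        return roles.Contains(role)
            ? "ok"
            : "application permission missing: check API permission and admin consent";
    }

    static void Main()
    {
        const string api = "https://api.loganalytics.io"; // assumed resource URI
        const string role = "Data.Read";                  // assumed permission name
        // Constructed, unsigned sample tokens covering the three outcomes.
        string Token(string payload) => B64Url("{\"alg\":\"none\"}") + "." + B64Url(payload) + ".x";
        string[] samples =
        {
            Token("{\"aud\":\"https://management.azure.com/\"}"),
            Token("{\"aud\":\"https://api.loganalytics.io\"}"),
            Token("{\"aud\":\"https://api.loganalytics.io\",\"roles\":[\"Data.Read\"]}"),
        };
        foreach (string t in samples) Console.WriteLine(Diagnose(t, api, role));
    }
}
```

Run it against the token your client actually sends (never log or paste real tokens into shared tools) to tell a missing consent grant apart from a token issued for a different resource.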