How do I grant a Function App access to an Azure Storage Account?
Context:
I do not know how to resolve the security access exception for a Function App that does not appear to be authorized to access an Azure Storage Table.
Currently the Access Control role assignments for the Function App are set to Contributor and Reader.
My hypothesis is that the Function App needs to have a Storage Data Table Contributor role assigned to it.
Azure Storage Table:
The following code attempts to access an Azure Storage Table:
    let storageAccount = CloudStorageAccount.Parse connectionString
    let cloudTableClient = storageAccount.CreateCloudTableClient()
    let cloudTable = cloudTableClient.GetTableReference(tableName)
    // ** EXCEPTION THROWN ON LINE BELOW **
    let! exists = cloudTable.ExistsAsync() |> Async.AwaitTask
Exception:
Unexpected response code, Expected:OK or NotFound, Received:Forbidden
Thoughts:
I thought I needed to add the Function App permission: Storage Data Table Contributor.
Steps:
Note that "Storage Data Table Contributor" is not found.
Conclusion:
In conclusion, I do not know how to resolve the security access exception for a Function App that does not appear to be authorized to access an Azure Storage Table.
References:
https://learn.microsoft.com/en-us/azure/storage/common/authorize-data-access
https://learn.microsoft.com/en-us/azure/storage/tables/authorize-access-azure-active-directory
Azure Function App Read/Write to table storage - InvalidAuthenticationInfoContent
You need to set the role assignment on the Table storage, not on the Function.
On the Function you need to enable Managed Identity. That is the object you need to grant access to on the Table storage.
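The two steps from the answer above as Azure CLI calls, in an added example that is not part of the original posts: enable the Function App's system-assigned managed identity, then assign that identity a data-plane role on the storage account. The function names and the resource names in the usage comment are placeholders, the account-level scope is an assumption, and the role is the Azure built-in role "Storage Table Data Contributor".

```shell
#!/bin/sh
# Added example. Usage (placeholder names):
#   grant_table_access rg-demo func-demo stdemo
#   grant_table_access rg-demo func-demo stdemo "Storage Table Data Reader"

# Step 1: enable the system-assigned managed identity on the Function App
# and print its principal (object) id.
enable_identity() {
  az functionapp identity assign \
    --resource-group "$1" --name "$2" \
    --query principalId --output tsv
}

# Resource id of the storage account; used as the role assignment scope.
storage_scope() {
  az storage account show \
    --resource-group "$1" --name "$2" \
    --query id --output tsv
}

# Step 2: assign the role ON the storage account TO the Function's identity,
# then list the roles that identity holds at that scope as a check.
grant_table_access() {
  rg="$1"; app="$2"; storage="$3"
  role="${4:-Storage Table Data Contributor}"

  principal="$(enable_identity "$rg" "$app")" || return 1
  scope="$(storage_scope "$rg" "$storage")" || return 1
  if [ -z "$principal" ] || [ -z "$scope" ]; then
    echo "could not resolve identity or storage account" >&2
    return 1
  fi

  az role assignment create \
    --assignee-object-id "$principal" \
    --assignee-principal-type ServicePrincipal \
    --role "$role" \
    --scope "$scope" \
    --output none || return 1

  az role assignment list \
    --assignee "$principal" --scope "$scope" \
    --query "[].roleDefinitionName" --output tsv
}
```

The role only applies to requests authenticated as the managed identity, so the client has to use a token credential rather than an account-key connection string. A new assignment can take a few minutes to propagate.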