Search code examples
azureparquetazure-data-explorerazure-data-lake-gen2

Authorization Error with LightIngest in Azure Data Explorer

I am trying to ingest historical data from a Storage Data Lake Gen2 to a Dabatase in Azure Data Explorer. The provided solution is to use a tool LightIngest to ingest large amounts of data.

It gives you the command to execute it using the tool LightIngest.exe

enter image description here

LightIngest.exe "https://ingest-mycluster.centralus.kusto.windows.net/;Fed=True"
-database:"DataBaseName" -table:"TableName" -source:"https://mydatalake.blob.core.windows.net/mycontainer?sv=mysas"
-format:"parquet" -prefix:"2022" -pattern:"*" -ingestionMappingRef:"MyMapping" -tag:"XXXX"

I downloaded the tool from the URL provided in Download LightIngest.

I execute the command but It fails with the following error message:

IngestSingle failed: Forbidden (403-Forbidden): {
"error": {
    "code": "Forbidden",
    "message": "Caller is not authorized to perform this action",
    "@type": "Kusto.Common.Svc.Exceptions.UnauthorizedOperationException",
    "@message": "Principal 'aaduser=XXXX;XXXX' is not authorized to perform operation 'Ingest' on 'any database'."

It says that the following Principal (which is not my user Object Id from AAD and I don't even recognize that Principal) is not authorized to perform any action in the database.

I also added my user to the database with the following command:

.add database DataBaseName users ('aaduser=myemail@email.com') 'User (AAD)'

But still getting the error.

Am I missing something? Any ideas on how to solve this?

Thanks!

Solution

  • database-user permissions are insufficient for ingesting data into any table in the database. you'll need either table-ingestor permissions, or database-ingestor permissions.

    see: documentation

    To specify the tenant ID in the connection string, look for "authority ID" in the examples here