When published in azure function QueryWorkspaceAsync returns status 403-CodePudding

I'm using QueryWorkspaceAsync to access azure logs from code to work with. While locally everything runs smoothly and I am able to work with tables I get from it. Now I decided to create time trigger azure function that would run once a day and send me report from specific things found in logs. I tested function locally and it run smoothly. But when I published it I get error:

Azure.RequestFailedException: The provided credentials have insufficient access to perform the requested operation Status: 403 (Forbidden) ErrorCode: InsufficientAccessError Content: {"error":{"message":"The provided credentials have insufficient access to perform the requested operation","code":"InsufficientAccessError","correlationId":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"}}

Here is sample of function if it is any help:

public async Task RunAsync([TimerTrigger("0 0 8 * * *")]TimerInfo myTimer, ILogger log)
{
    log.LogInformation($"Function was triggered at: {DateTime.UtcNow}");
    try
    {       
        Response<LogsQueryResult> response = await client.QueryWorkspaceAsync(workspaceId, "AppTraces | where AppRoleName == \"servicesmonitoring\" | summarize Count = count() by OperationName | order by Count desc", new QueryTimeRange(TimeSpan.FromDays(1)));
        
        log.LogInformation($"Successfully got query #1.");
    }
}

I have no idea what could be problem since function is published in same workspace as logs I'm trying to access are. I was also unable to find any articles mentioning problem I encountered.

CodePudding user response：

As mentioned in comments by Skin I was able to resolve this issue by adding Function Application to Access control (IAM) of accessed Log Analytics workspace.