I have accessed Azure Storage Queue methods using ClientSecretCredential but on accessing queue receiveMessages, queue peekMessages and deleteMessages it is giving me error

RestError: This request is not authorized to perform this operation using this permission. RequestId:c92577923e-a603-0004-61c0-f70a19000

here is my node js code

const { QueueServiceClient } = require("@azure/storage-queue");
const { ClientSecretCredential } = require("@azure/identity");
async function getQueueMessages() {
  try {
    let myStorageAccount = "hellostorage";
    const credential = new ClientSecretCredential(tenantId, app_id, SecretKey);
    const queueServiceClient = new QueueServiceClient(
      `https://${myStorageAccount}.queue.core.windows.net`,
      credential
    );
    const queueName = "hello-queue";
    const queueClient = queueServiceClient.getQueueClient(queueName);
    const response = await queueClient.receiveMessages(10);
    console.log("response: ", response);
  } catch (error) {
    console.log("error: ", error);
  }
}
getQueueMessages();

Here is my App permission

CodePudding user response：

The screenshot you shared essentially allows your Service Principal to acquire token for your Storage Accounts. It does not give you permissions to perform operations on a Storage Account and this is why you are getting this error.

What you would need to do is give appropriate data related permissions to your Service Principal on a Storage Account. Please see this link for the appropriate RBAC roles that you must assign to your Service Principal to perform data related operations: https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#manage-access-rights-with-rbac.

You can try with Storage Queue Data Message Processor or Storage Queue Data Contributor roles.

After you apply appropriate roles, you should be able to perform the operations.