You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/cost-management-billing/costs/tutorial-improved-exports.md
+21-6Lines changed: 21 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -40,10 +40,9 @@ For Azure Storage accounts:
40
40
- Your Azure storage account must be configured for blob or file storage.
41
41
- Don't configure exports to a storage container that is configured as a destination in an [object replication rule](../../storage/blobs/object-replication-overview.md#object-replication-policies-and-rules).
42
42
- To export to storage accounts with configured firewalls, you need other privileges on the storage account. The other privileges are only required during export creation or modification. They are:
43
-
- Owner role on the storage account.
44
-
Or
45
-
- Any custom role with `Microsoft.Authorization/roleAssignments/write` and `Microsoft.Authorization/permissions/read` permissions.
46
-
Additionally, ensure that you enable [Allow trusted Azure service access](../../storage/common/storage-network-security.md#grant-access-to-trusted-azure-services) to the storage account when you configure the firewall.
43
+
-**Owner** role or any custom role with `Microsoft.Authorization/roleAssignments/write` and `Microsoft.Authorization/permissions/read` permissions.
44
+
45
+
- Additionally, ensure that you enable [Allow trusted Azure service access](../../storage/common/storage-network-security.md#grant-access-to-trusted-azure-services) to the storage account when you configure the firewall.
47
46
- The storage account configuration must have the **Permitted scope for copy operations (preview)** option set to **From any storage account**.
48
47
:::image type="content" source="./media/tutorial-export-acm-data/permitted-scope-copy-operations.png" alt-text="Screenshot showing From any storage account option set." lightbox="./media/tutorial-export-acm-data/permitted-scope-copy-operations.png" :::
49
48
@@ -211,9 +210,25 @@ You can retrieve up to 13 months of historical data through the portal UI for al
211
210
- All available prices:
212
211
213
212
- MCA/MPA: Up to 13 months.
214
-
213
+
215
214
- EA: Up to 25 months (starting from December 2022).
216
-
215
+
216
+
#### Why do I get the 'Unauthorized' error while trying to create an Export?
217
+
218
+
When attempting to create an Export to a storage account with a firewall, the user must have the Owner role or a custom role with `Microsoft.Authorization/roleAssignments/write` and `Microsoft.Authorization/permissions/read` permissions. If these permissions are missing, you will encounter an error like:
219
+
220
+
221
+
```json
222
+
{
223
+
"error":{
224
+
"code":"Unauthorized",
225
+
"message":"The user does not have authorization to perform 'Microsoft.Authorization/roleAssignments/write' action on specified storage account, please use a storage account with sufficient permissions. If the permissions have changed recently then retry after some time."
226
+
}
227
+
}
228
+
```
229
+
230
+
You can check for the permissions on the storage account by referring to the steps in [Check access for a user to a single Azure resource](../../role-based-access-control/check-access.md).
231
+
217
232
## Next steps
218
233
219
234
- Learn more about exports at [Tutorial: Create and manage exported data](tutorial-export-acm-data.md).
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments