You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/ai-services/document-intelligence/faq.yml
+39-3Lines changed: 39 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -207,9 +207,7 @@ sections:
207
207
208
208
- **Storage Account Contributor**: You need this role for the storage account to set up cross-origin resource sharing (CORS) settings. It's a one-time effort if you reuse the same storage account.
209
209
210
-
- **Contributor**: You need this role to create a resource group and resources.
211
-
212
-
Having Contributor or Storage Account Contributor role doesn't give you access to use your Document Intelligence resource or storage account if local (key-based) authentication is disabled. You still need the basic roles (Cognitive Services User and Storage Data Blob Contributor) to use the functions on Document Intelligence Studio.
210
+
- **Contributor**: You need this role to create a resource group and resources. **Contributor** or **Storage Account Contributor** role doesn't give you access to use your Document Intelligence resource or storage account if local (key-based) authentication is disabled. You still need the basic roles (**Cognitive Services User** and **Storage Data Blob Contributor**) to use the functions on Document Intelligence Studio.
213
211
214
212
For more information, see [Microsoft Entra built-in roles](../../role-based-access-control/built-in-roles.md) and the sections about Azure role assignments in the [Document Intelligence Studio quickstart](quickstarts/try-document-intelligence-studio.md).
215
213
@@ -256,6 +254,44 @@ sections:
256
254
257
255
- Re-create a custom project with the migrated Document Intelligence resource and specify the same storage account.
258
256
257
+
- question: |
258
+
Why an I receiving the error "PermissionDenied" when using prebuilt apps or opening my custom project?
259
+
answer: |
260
+
If you received error "PermissionDenied: Principal does not have access to API/Operation" when analyzing against prebuilt models or opening a custom project, it is likely the local (key-based) authentication is disabled for your Document Intelligence resource and your do not have enough permission to access the resource. Please reference [Azure role assignments](quickstarts/try-document-intelligence-studio.md#azure-role-assignments) to configure your access roles.
261
+
262
+
- question: |
263
+
Why an I receiving the error "AuthorizationPermissionMismatch" when opening my custom project?
264
+
answer: |
265
+
If you received error "AuthorizationPermissionMismatch: This request is not authorized to perform this operation using this permission" when opening a custom project, it is likely the local (key-based) authentication is disabled for your storage account and your do not have enough permission to access the blob data. Please reference [Azure role assignments](quickstarts/try-document-intelligence-studio.md#azure-role-assignments-1) to configure your access roles.
266
+
267
+
- question: |
268
+
Why am I not able to sign in to Document Intelligence Studio and keeps seeing InteractionRequiredAuthError error (AADSTS50058)?
269
+
answer: |
270
+
If you received error "InteractionRequiredAuthError: login_required: AADSTS50058: A silent sign-request was sent but no user is signed in.", this is due to 3rd-party cookies are blocked by your browser so we cannot successfully sign in your account.
271
+
272
+
For **Edge** users, please:
273
+
- Go to **Settings** for Edge
274
+
- Search for "**third-party**"
275
+
- Go to **Manage and delete cookies and site data**
276
+
- Turn off the setting of **Block third-party cookies**
277
+
278
+
For **Chrome** users, please:
279
+
- Go to **Settings** for Chrome
280
+
- Search for "**Third-party**"
281
+
- Under **Default behavior**, select **Allow third-party cookies**
282
+
283
+
For **Firefox** users, please:
284
+
- Go to **Settings** for Firefox
285
+
- Search for "**cookies**"
286
+
- Under **Enhanced Tracking Protection**, select **Manage Exceptions**
287
+
- Add exception for **https://documentintelligence.ai.azure.com** or the Document Intelligence Studio URL of your environment
288
+
289
+
For **Safari** users, please:
290
+
- Choose **Safari** > **Preferences**
291
+
- Click **Privacy**
292
+
- Deselect **Block all cookies**
293
+
294
+
259
295
- question: |
260
296
Are there separate URL endpoints for Document Intelligence sovereign cloud regions?
Copy file name to clipboardExpand all lines: articles/ai-services/document-intelligence/managed-identities-secured-access.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -285,7 +285,7 @@ That's it! You can now configure secure access for your Document Intelligence re
285
285
286
286
:::image type="content" source="media/managed-identities/access-denied.png" alt-text="Screenshot of an access denied error.":::
287
287
288
-
**Resolution**: Check to make sure there's connectivity between the computer accessing the Document Intelligence Studio and the Document Intelligence service. For example, you might need to allow the client IP address in **Networking > Firewalls and virtual networks** setting page of both Document Intelligence resource and storage account.
288
+
**Resolution**: Make sure the client computer can access Document Intelligence resource and storage account, either they are in the same `VNET`, or client IP address is allowed in **Networking > Firewalls and virtual networks** setting page of both Document Intelligence resource and storage account.
Copy file name to clipboardExpand all lines: articles/ai-services/document-intelligence/quickstarts/try-document-intelligence-studio.md
+3Lines changed: 3 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -104,6 +104,9 @@ For custom projects, the following role assignments are required for different s
104
104
***Storage Account Contributor**: You need this role for the Storage Account to set up CORS settings (this action is a one-time effort if the same storage account is reused).
105
105
***Contributor**: You need this role to create a resource group and resources.
106
106
107
+
> [!NOTE]
108
+
> If local (key-based) authentication is disabled for your Document Intelligence service resource and storage account, be sure to obtain **Cognitive Services User** and **Storage Blob Data Contributor** roles respectively, so you have enough permissions to use Document Intelligence Studio. The **Storage Account Contributor** and **Contributor** roles only allow you to list keys but does not give you permission to use the resources when key-access is disabled.
109
+
107
110
### Configure CORS
108
111
109
112
[CORS (Cross Origin Resource Sharing)](/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services) needs to be configured on your Azure storage account for it to be accessible from the Document Intelligence Studio. To configure CORS in the Azure portal, you need access to the CORS tab of your storage account.
0 commit comments