Share via

Error when creating Azure AI Search index with role-based access

Nagwekar, Shruti 20 Reputation points
2024-04-02T11:07:41.29+00:00

I am trying to create a search index on the Azure AI Search Service using role-based access with MSI. However, I'm getting an error: HttpResponseError: Operation returned an invalid status 'Forbidden'. I'm using the following Python code:

from azure.identity import DefaultAzureCredential
from azure.core.credentials import AzureKeyCredential
from azure.search.documents.indexes import SearchIndexClient
from azure.search.documents.indexes.models import SearchIndex

credential = DefaultAzureCredential(managed_identity_client_id="<msi of the compute>")
token = credential.get_token("https://cognitiveservices.azure.com/.default")
endpoint = "<service url>" #Replace the with your endpoint
index_name = "my_test_index"
client = SearchIndexClient(endpoint=endpoint, credential=AzureKeyCredential(token.token))
index = SearchIndex(
                    name=index_name,
                    fields=[
                        {"name": "page_no", "type": "Edm.String", "key": True, "filterable": True},
                        {"name": "text", "type": "Edm.String", "searchable": True, "sortable": True},
                        # Add more fields as needed
                    ]
                    )
client.create_index(index)
print("index created")

Is there anything I can do to fix this error?

Azure AI Search
Azure AI Search
An Azure search service with built-in artificial intelligence capabilities that enrich information to help identify and explore relevant content at scale.
1,199 questions
Accepted answer
  1. brtrach-MSFT 17,476 Reputation points Microsoft Employee
    2024-04-02T22:17:50.5366667+00:00

    @Nagwekar, Shruti Based on the error message you provided, it seems that the operation is returning a 'Forbidden' status, which indicates that the request is not authorized to access the resource. This could be due to a number of reasons, such as incorrect credentials or insufficient permissions.

    One possible reason for this error could be that the MSI of the compute does not have the necessary permissions to create an index on the Azure AI Search Service. To fix this, you can try granting the MSI the necessary permissions to create an index on the Azure AI Search Service.

    To grant the MSI the necessary permissions, you can follow these steps:

    1. Go to the Azure portal and navigate to the Azure AI Search Service.
    2. Click on the "Access control (IAM)" tab.
    3. Click on the "+ Add" button and select "Add role assignment".
    4. In the "Add role assignment" pane, select the "Search Service Contributor" role.
    5. In the "Add members" pane, search for the name of the MSI of the compute and select it.
    6. Click on the "Save" button to save the role assignment.

    After granting the MSI the necessary permissions, you can try running your Python code again to create the search index.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.