azure.core.exceptions.HttpResponseError: (Forbidden) Caller is not authorized to perform action on resource.

Question

Getting below error while accessing get_secret function.

"azure.core.exceptions.HttpResponseError: (Forbidden) Caller is not authorized to perform action on resource."

Inner error: {

"code": "ForbiddenByRbac"

}

Can anyone help me how to resolve this error?

def analyze_layout(form_url):
    keyVaultName = 'abc'
    tenant_id = "xsync"
    client_id = "sisiosos"
    client_secret = "sisos"
    KVUri = f"https://{keyVaultName}.vault.azure.net"

    credential = ClientSecretCredential(
        tenant_id=tenant_id,
        client_id=client_id,
        client_secret=client_secret
    )

    client = SecretClient(vault_url=KVUri, credential=credential)
    #     client_id=client_id,
    #     client_secret=client_secret
    # )

    secret_name = 'ABCD'
    key = client.get_secret(secret_name)

    secret_name = 'ABCDE'
    endpoint = client.get_secret(secret_name)

    document_intelligence_client = DocumentIntelligenceClient(
        endpoint=endpoint, credential=AzureKeyCredential(key)
    )

    poller = document_intelligence_client.begin_analyze_document(
        "prebuilt-invoice", AnalyzeDocumentRequest(url_source=form_url)
    )

    result = poller.result()
    result_json = result.as_dict()
    return result_json

Answer 1

Hello,

Welcome to Microsoft Q&A,

The error indicates that your service principle does not have sufficient permission to access the Azure Key vault.

Ensure the service principle has the correct permission to access,

1. Go to the Key Vault
2. Select Access Control (IAM) from the side menu
3. Click Add Role Assignment
4. Assign the Key Vault Secrets User role to the service principal

Please Upvote and Accept the answer if it helps!