Hi,
Thanks for reaching out to Microsoft Q&A.
The UserErrorPermissionDeniedOnCloudIR error you are seeing typically indicates an issue with permissions or configuration when trying to access SharePoint Online from Azure Integration IR in ADF.
Here are some steps you can take to troubleshoot and resolve this:
- Verify Permissions on SharePoint Online
  - Ensure the user or service principal used for AUTH has the appropriate permissions to access the specified SharePoint Online document library.
  - The account needs at least Read permission on the file and library you’re trying to access.
- Use Self-Hosted Integration Runtime (SHIR)
  - Azure Integration Runtime (IR) doesn’t inherently support all network and authentication methods required by SharePoint. To overcome this, consider using a SHIR instead of Azure IR, as SHIR can provide more flexible access to on-premises and private network resources.
  - Install SHIR on a VM (or on-prem server) that has network access to SharePoint Online, then use it for your copy operation.
- Ensure Authentication Method Compatibility
  - If you are using Azure AD authentication, ensure that:
    - You are using a valid OAuth token or service principal with permissions to access the SharePoint site.
    - Azure IR or SHIR is configured to support the OAuth authentication method required by SharePoint.
  - When setting up OAuth, make sure to:
    - Register an application in Azure AD, grant API permissions for SharePoint Online, and configure the application for delegated or application permissions, as required.
    - Add the client ID and client secret of the registered application in the linked service configuration for SharePoint Online in ADF.
- Configure the SharePoint Linked Service Correctly in ADF
  - Double-check the configuration of your SharePoint Online linked service in Azure Data Factory:
    - Ensure that the Tenant ID, Client ID, and Client Secret fields (if using a service principal) are correctly populated. Confirm that the correct Site URL is specified.
    - If there’s an option for choosing a File path, make sure it is accurate and accessible with the given credentials.
- Network Configuration and Allowlisting
  - Ensure that network access permissions for Azure IR or SHIR are set up correctly. Sometimes, you may need to configure allowlisting to permit ADF access to SharePoint Online.
Additional Tips:
- Review the Azure Data Factory SharePoint Online connector documentation for any specifics related to configuration.
- Test the configuration by first setting up a simple file access to ensure basic connectivity, then proceed with your complete file copy operation.
If the issue persists, please provide additional details on auth methods and integration runtime configurations to identify any further customizations.
Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.
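
As an added example (not part of the answer above and not Microsoft's code), the linked-service checks listed in the answer can be run offline against an exported linked service definition before re-running the pipeline. The property names follow the ADF SharePoint Online List linked service JSON; the function name `check_linked_service`, the GUID assumption for the IDs, and every sample value are constructed for illustration.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
REQUIRED = ("siteUrl", "tenantId", "servicePrincipalId", "servicePrincipalKey")

def check_linked_service(ls):
    """Return findings for an ADF SharePointOnlineList linked service definition."""
    findings = []
    props = ls.get("properties", {})
    tp = props.get("typeProperties", {})
    if props.get("type") != "SharePointOnlineList":
        findings.append("type is not SharePointOnlineList")
    findings += [f"missing {f}" for f in REQUIRED if not tp.get(f)]
    site = tp.get("siteUrl")
    if site:
        url = urlparse(str(site))
        if url.scheme != "https" or not url.hostname:
            findings.append("siteUrl is not an https URL")
    # Assumption: tenant ID and client ID are supplied as GUIDs.
    for f in ("tenantId", "servicePrincipalId"):
        if tp.get(f) and not GUID.match(str(tp[f])):
            findings.append(f"{f} is not a GUID")
    # An inline secret works, but a Key Vault reference keeps it out of the definition.
    key = tp.get("servicePrincipalKey")
    if isinstance(key, str) or (isinstance(key, dict) and key.get("type") == "SecureString"):
        findings.append("servicePrincipalKey is inline; prefer a Key Vault reference")
    # Without connectVia the copy runs on the default Azure IR, not a SHIR.
    if not props.get("connectVia", {}).get("referenceName"):
        findings.append("no connectVia, so the default Azure IR is used")
    return findings

# Constructed sample definitions (placeholder IDs, names and secret).
WEAK = {"name": "SharePointLS", "properties": {"type": "SharePointOnlineList",
    "typeProperties": {"siteUrl": "http://contoso.sharepoint.com/sites/finance",
        "tenantId": "contoso",
        "servicePrincipalId": "11111111-2222-3333-4444-555555555555",
        "servicePrincipalKey": {"type": "SecureString", "value": "<placeholder>"}}}}
FIXED = {"name": "SharePointLS", "properties": {"type": "SharePointOnlineList",
    "connectVia": {"referenceName": "MySelfHostedIR", "type": "IntegrationRuntimeReference"},
    "typeProperties": {"siteUrl": "https://contoso.sharepoint.com/sites/finance",
        "tenantId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        "servicePrincipalId": "11111111-2222-3333-4444-555555555555",
        "servicePrincipalKey": {"type": "AzureKeyVaultSecret", "secretName": "sp-key",
            "store": {"referenceName": "MyKeyVaultLS", "type": "LinkedServiceReference"}}}}}

if __name__ == "__main__":
    for name, ls in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, check_linked_service(ls))
```

A clean result only shows the definition is well-formed; the permission checks in the answer (site access for the principal, API permissions on the app registration) still have to be confirmed in SharePoint and Azure AD.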