How to fix "code":"InvalidDocumentAccessLevel","message":"Cannot access source document location with the current permissions."

Falco Zandboer (0941881) 25 Reputation points
2024-03-13T13:35:18.2666667+00:00

I am trying to use Microsoft power automate to automatically translate documents uploaded to a sharepoint folder. The documents are first retrieved and then stored in an Azure blob storage account. This works fine. This blob should then be retrieved by the translator to be translated. This is where the error seems to occur, as the validation error states there is no permission to access the source file location.

The thing is, it should have access as far as I'm aware. I have also followed the azure tutorial to give the translator access to the storage account. In addition, for testing purposes, I have allowed anonymous read access to the storage container and it's contents. Please help me find a solution. Thank you in advance.

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,999 questions
Azure Translator
Azure Translator
An Azure service to easily conduct machine translation with a simple REST API call.
428 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,999 questions
{count} vote

Accepted answer
  1. Anand Prakash Yadav 7,810 Reputation points Microsoft Vendor
    2024-03-14T10:11:36.3233333+00:00

    Hello Falco Zandboer (0941881),

    Thank you for posting your query here!

    The error message you’re encountering, “Cannot access source document location with the current permissions,” typically indicates that the Azure Translator service is unable to access the blob in your Azure Storage account due to insufficient permissions.

    Please note that if you’ve disallowed public access to your storage account, all requests to blob data must be authorized regardless of the container’s public access setting. Even if you’ve allowed anonymous read access to the container, the Translator service might still need explicit authorization if public access is disallowed at the storage account level.

    Power Automate and Power Apps does not support connection with Azure Blob storage if the Blob storage is behind the firewall.

    Please try to set public access at the storage account level.

    User's image

    Before you can use the Translator V3 connector's operations for document translation, you must grant your Translator resource access to your storage account using a managed identity with role based identity control (RBAC).

    User's image

    Or else you may use the Azure Translator service with a SAS URL to access the blob in the Azure Storage. https://stackoverflow.com/questions/77066290/cannot-access-source-document-location-with-the-current-permissions

    For reference: https://learn.microsoft.com/en-us/azure/ai-services/translator/connector/document-translation-flow?tabs=blob-storage#translate-documents

    Similar posts: https://learn.microsoft.com/en-us/answers/questions/610532/getting-error-while-translating-document-using-azu

    https://learn.microsoft.com/en-us/answers/questions/1286278/cannot-access-source-document-location-with-the-cu

    Do let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


2 additional answers

Sort by: Most helpful
  1. Roman Ianchenko 0 Reputation points
    2024-06-28T07:13:55.9466667+00:00
    0 comments No comments

  2. Terru Ahmad 40 Reputation points Microsoft Employee
    2024-08-12T22:03:58.22+00:00

    Hello,

    My customer is having the same issue. We followed the documentation for the setup below.User's image

    Translator and Azure Blob Storage were configured with private endpoints. It worked fine in my own test subscription where I have owner permission. However, it is not working in the customer's environment.

    Questions:

    1. Are there any additional permissions required for the blob?
    2. Both Translator and Blob Storage use the same subnet for private endpoints. Microsoft. Storage and Microsoft.CognitiveServices were selected. The client applied an NSG to the subnet. I am waiting to review the NSG rules. Do we need to add an outbound rule to allow the VNet to Azure AI services using CognitiveServicesManagement tag? https://learn.microsoft.com/en-us/azure/ai-services/cognitive-services-virtual-networks?tabs=portal
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.