Strange error when connecting to DataLake using the APIs

This request is not authorized to perform this operation using this permission?! WTF?!

The issue

You are using AAD with OAUTH to access Azure Storage, configured as a DataLake. You get an error that looks like this:

This request is not authorized to perform this operation using this permission.

According to other sites the reason might bee that you have not added your user (or application) to the correct group, or according to others that the storage is configured with a firewall and lastly according to the official documentation it might be a malformed token among other things.

The solution

All those other reasons might be correct but I found another thing: The Datalake resource type is not registered for your subscription. I know, I do not know why you need to do that either but here goes.

The TLDR

Open the subscription on the root level, find resource providers and add Microsoft.DatalakeStore

The full story

The resource is not configured as usable from your subscription and it has to be enabled, or registered. This is the more hardcore way of not allowing certain services to be used in a subscription.

  1. Find the affected subscription. I usually use the menu on the left or search for it in the search-box.
  2. In the left menu of the subscription, scroll down to settings and find the "Resource providers" setting and click it
    file
  3. In the filterbox at the top of the list type datalake and you will get this list.
    file
  4. Select the Microsoft.DatalakeStore option. (Marked #2 in the picture)
  5. Click Register (Marked #3 in the picture). The picture is taken after the registration was done.
  6. Wait, done, retry your API-call.

There might be access issues with registering providers in a subscription. You have to be an Owner or a contributor to do it but the good news is that it only needs to be done once per subscription.