FAQ's and Troubleshooting
FAQ
Q: Why does e6data need access? A: To securely read and analyze your data stored in Azure Blob Storage. e6data only requires read-only permissions(Storage Blob Data Reader) and cannot modify your data.
Q: Can e6data modify or delete data? A: No. The assigned role grants read-only access only. e6data cannot create, update, or delete any object or bucket configuration.
Q: Can I limit access to specific containers or folders? A: Yes. Access can be scoped at the storage account, container, or even blob path level using Azure RBAC. For advanced folder-level restrictions, contact e6data support.
Q: How do I revoke access? A: Remove the RBAC role assignment from the Managed Identity that was granted access.
Azure Portal:
Go to your Storage Account → Access control (IAM)
Locate the role assignment for the Managed Identity
Click Remove
Azure CLI:
# Remove Storage Blob Data Reader role from managed identity
az role assignment delete \
--assignee <MANAGED_IDENTITY_CLIENT_ID_OR_PRINCIPAL_ID> \
--role "Storage Blob Data Reader" \
--scope /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Storage/storageAccounts/<STORAGE_ACCOUNT_NAME>Troubleshooting
Permission Denied
Verify that the Managed Identity has the Storage Blob Data Reader role assigned at the correct scope (storage account or container).
Managed Identity Not Found
Ensure you are using the correct Client ID / Principal IDfrom Step 1.
Access Issues Persist
Check if your Storage Account has firewall or private endpoint restrictions. Ensure the AKS cluster running with the Managed Identity can access the Storage Account.
Federated Credential Issues
Make sure the Kubernetes service account, namespace, and issuer URL match correctly in the Managed Identity Federated Credential configuration.
Still Blocked
Contact e6data support with the Managed Identity details, error logs, and storage account information.
Last updated