# FAQ's and Troubleshooting

### FAQ

**Q: Why does e6data need access?**\
A: To securely read and analyze your data stored in Azure Blob Storage. e6data only requires **read-only permissions**(Storage Blob Data Reader) and cannot modify your data.

**Q: Can e6data modify or delete data?**\
A: No. The assigned role grants read-only access only. e6data cannot create, update, or delete any object or bucket configuration.

**Q: Can I limit access to specific containers or folders?**\
A: Yes. Access can be scoped at the **storage account**, **container**, or even **blob path** level using Azure RBAC. For advanced folder-level restrictions, contact e6data support.

**Q: How do I revoke access?**\
A: Remove the RBAC role assignment from the Managed Identity that was granted access.

* **Azure Portal:**
  * Go to your Storage Account → **Access control (IAM)**
  * Locate the role assignment for the Managed Identity
  * Click **Remove**
* **Azure CLI:**

```
# Remove Storage Blob Data Reader role from managed identity
az role assignment delete \
  --assignee <MANAGED_IDENTITY_CLIENT_ID_OR_PRINCIPAL_ID> \
  --role "Storage Blob Data Reader" \
  --scope /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Storage/storageAccounts/<STORAGE_ACCOUNT_NAME>
```

### Troubleshooting

| Issue                       | Suggested Action                                                                                                                                                              |
| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Permission Denied           | Verify that the Managed Identity has the **Storage Blob Data Reader** role assigned at the correct scope (storage account or container).                                      |
| Managed Identity Not Found  | Ensure you are using the correct **Client ID** / **Principal ID**from Step 1.                                                                                                 |
| Access Issues Persist       | Check if your Storage Account has **firewall** or **private endpoint restrictions**. Ensure the AKS cluster running with the Managed Identity can access the Storage Account. |
| Federated Credential Issues | Make sure the **Kubernetes service account**, **namespace**, and **issuer URL** match correctly in the Managed Identity Federated Credential configuration.                   |
| Still Blocked               | Contact **e6data support** with the Managed Identity details, error logs, and storage account information.                                                                    |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.e6data.com/product-documentation/setup/azure-setup/configure-azure-storage-access-for-serverless-compute-azure/faqs-and-troubleshooting.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.