# FAQs and Troubleshooting

### FAQ

**Q: Why does e6data need access?**\
A: To securely read and analyze your data stored in Azure Blob Storage. e6data only requires **read-only permissions** (Storage Blob Data Reader) and cannot modify your data.

**Q: Can e6data modify or delete data?**\
A: No. The assigned role grants read-only access only. e6data cannot create, update, or delete any object or container configuration.

**Q: Can I limit access to specific containers or folders?**\
A: Yes. Access can be scoped at the **storage account**, **container**, or even **blob path** level using Azure RBAC. For advanced folder-level restrictions, contact e6data support.

**Q: How do I revoke access?**\
A: Remove the RBAC role assignment from the Managed Identity that was granted access.

* **Azure Portal:**
  * Go to your Storage Account → **Access control (IAM)**
  * Locate the role assignment for the Managed Identity
  * Click **Remove**
* **Azure CLI:**

```
# Remove Storage Blob Data Reader role from managed identity
az role assignment delete \
  --assignee <MANAGED_IDENTITY_CLIENT_ID_OR_PRINCIPAL_ID> \
  --role "Storage Blob Data Reader" \
  --scope /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Storage/storageAccounts/<STORAGE_ACCOUNT_NAME>
```
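
The delete command above removes the assignment only at the `--scope` it names, so an assignment made at container or resource-group scope stays in place. The following added example (not e6data's code) checks the output of `az role assignment list --assignee <ID> --all -o json` for assignments that still cover the storage account; the sample records, names and IDs are constructed placeholders.

```python
import json
import sys

ROLE = "Storage Blob Data Reader"

def _norm(scope):
    # Azure resource IDs are case-insensitive; also ignore trailing slashes.
    return scope.rstrip("/").lower()

def relation(assignment_scope, account_scope):
    """Relate a role assignment's scope to the storage account's scope."""
    a, acct = _norm(assignment_scope), _norm(account_scope)
    if a == acct:
        return "account"
    if a.startswith(acct + "/"):
        return "child"       # e.g. a single container
    if a == "" or acct.startswith(a + "/"):
        return "inherited"   # root, subscription or resource group
    return None              # unrelated resource, e.g. another account

def remaining_access(assignments, account_scope, role=ROLE):
    """List (relation, scope) for assignments that still grant `role`."""
    hits = []
    for item in assignments:
        rel = relation(item["scope"], account_scope)
        if item.get("roleDefinitionName") == role and rel:
            hits.append((rel, item["scope"]))
    return hits

# Constructed sample data; every ID and name below is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-data"
ACCOUNT = RG + "/providers/Microsoft.Storage/storageAccounts/examplelake"
SAMPLE = [
    {"roleDefinitionName": ROLE,
     "scope": ACCOUNT.lower() + "/blobServices/default/containers/events"},
    {"roleDefinitionName": ROLE, "scope": RG},
    {"roleDefinitionName": ROLE, "scope": ACCOUNT + "2"},   # different account
    {"roleDefinitionName": "Reader", "scope": ACCOUNT},     # not the blob data role
]

if __name__ == "__main__":
    # Usage: script.py [assignments.json ACCOUNT_SCOPE]; no arguments runs the sample.
    data, acct = SAMPLE, ACCOUNT
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as fh:
            data, acct = json.load(fh), sys.argv[2]
    for rel, scope in remaining_access(data, acct):
        print(f"{rel:9} {scope}")
```

An empty result means no assignment of the role remains on the account, its containers, or its parent scopes within the subscription. Management-group scopes are not string prefixes of a resource ID and are not matched here.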

### Troubleshooting

| Issue                       | Suggested Action                                                                                                                                                              |
| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Permission Denied           | Verify that the Managed Identity has the **Storage Blob Data Reader** role assigned at the correct scope (storage account or container).                                      |
| Managed Identity Not Found  | Ensure you are using the correct **Client ID** / **Principal ID** from Step 1.                                                                                                |
| Access Issues Persist       | Check if your Storage Account has **firewall** or **private endpoint restrictions**. Ensure the AKS cluster running with the Managed Identity can access the Storage Account. |
| Federated Credential Issues | Make sure the **Kubernetes service account**, **namespace**, and **issuer URL** match correctly in the Managed Identity Federated Credential configuration.                   |
| Still Blocked               | Contact **e6data support** with the Managed Identity details, error logs, and storage account information.                                                                    |
