Solved

Transfer task new datasource completed with errors

  • November 14, 2024

Hi,

We have created a new datasource for Azure Active Directory (Entra ID) via “cdata ado.netprovider for azure active directory 2022”.

The sync task runs OK, but the transfer task keeps giving a completed with error signal. I have discussed this error with a consultant and a system/authorization specialist but we cannot get it right. The error we are getting is (first part of the error):

Executing table azuread_users:

failed with error:

System.Data.CData.AzureAD.AzureADException (0x80004005): [500] Could not execute the specified command: [Authentication_RequestFromUnsupportedUserRole] User is not in the allowed roles.  ---> cjo220x.BG: [Authentication_RequestFromUnsupportedUserRole] User is not in the allowed roles.  ---> cjo220x.Qt: [Authentication_RequestFromUnsupportedUserRole] User is not in the allowed roles.

Please advise us how to handle this.

Thank you in advance,

Bob van Ierssel


3 replies

Christian Hauggaard
Community Manager

Hi @Bob, I have created a support ticket for this.


Christian Hauggaard
Community Manager

Please see CData's response below:
"Thank you for reaching out.

Sorry to hear that you are facing issues using our Azure Active Directory ADO.NET connector. I investigated the log file that you have provided and noticed the following error being thrown:

{"code":"Authentication_RequestFromUnsupportedUserRole","message":"User is not in the allowed roles"

Looking deeper in the log file, I noticed that you were able to get data from all tables except the Users one, where this error message was thrown. Typically this error message is thrown due to permissions or roles missing for the authenticated user. I did some tests executing the same query against the Users table:

SELECT [id], [displayName], [employeeId], [isManagementRestricted], [jobTitle], [mail], [onPremisesUserPrincipalName], [preferredLanguage], [signInActivity_lastSuccessfulSignInDateTime], [signInActivity_lastSuccessfulSignInRequestId], [userPrincipalName], [cloudClipboard_id], [solutions_id] FROM [AzureAD].[Users]

authenticating with a user who was missing roles, and was able to reproduce the same error message. It seems that this error is thrown due to the user not having all the necessary roles assigned to get information regarding the user's signInActivity. After some research, I found out that if the Global Reader is added as an Assigned role for the user you are authenticating with, you will also be able to get data regarding the signInActivity.

I tried adding that, and the above-mentioned query was executed successfully this time. So, in this situation, this is what I would also suggest to you: check the user-assigned roles and, if anything is missing, add the necessary one."


  • Answer
  • December 3, 2024

Hi Christian,

Our DSA stated that the Global Reader role has too much authorisation. Instead he gave me the “Reports Reader” role. I tested this and the task has completed without errors. In this case the “Reports Reader” role can be a safer alternative.

Kind regards

Bob
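
Added example, not code from any poster in this thread or from the connector vendor: a Python triage of a transfer log like the one quoted in the question, reporting which tables failed with the role error and which of their selected columns are the signInActivity fields the vendor reply ties to it. The log's azuread_groups entry, the shortened query and the table-to-query mapping passed to `triage` are constructed assumptions.

```python
import re

# Constructed sample log, modelled on the error text quoted in this thread.
# The azuread_groups entry and its "completed" line are invented for contrast.
SAMPLE_LOG = """\
Executing table azuread_groups:
completed
Executing table azuread_users:
failed with error:
System.Data.CData.AzureAD.AzureADException (0x80004005): [500] Could not execute the specified command: [Authentication_RequestFromUnsupportedUserRole] User is not in the allowed roles.
"""
# Shortened form of the Users query quoted in the vendor reply.
SAMPLE_QUERY = (
    "SELECT [id], [displayName], [mail], "
    "[signInActivity_lastSuccessfulSignInDateTime], "
    "[signInActivity_lastSuccessfulSignInRequestId], "
    "[userPrincipalName] FROM [AzureAD].[Users]"
)
ROLE_ERROR = "Authentication_RequestFromUnsupportedUserRole"
TABLE_RE = re.compile(r"^Executing table (\S+):$")
ERROR_RE = re.compile(r"\[(\d{3})\].*?\[(\w+)\]")

def failed_tables(log_text):
    """Map each failed table to the (HTTP status, error code) of its first error."""
    failures, current = {}, None
    for line in log_text.splitlines():
        header = TABLE_RE.match(line.strip())
        if header:
            current = header.group(1)
            continue
        error = ERROR_RE.search(line)
        if error and current and current not in failures:
            failures[current] = (int(error.group(1)), error.group(2))
    return failures

def selected_columns(query):
    """Return the bracketed column names between SELECT and FROM."""
    body = re.search(r"SELECT\s+(.*?)\s+FROM\s", query, re.I | re.S)
    return re.findall(r"\[([^\]]+)\]", body.group(1)) if body else []

def triage(log_text, queries):
    """For each table that failed with the role error, list its signInActivity columns."""
    report = {}
    for table, (_status, code) in failed_tables(log_text).items():
        if code == ROLE_ERROR:
            columns = selected_columns(queries.get(table, ""))
            report[table] = [c for c in columns if c.startswith("signInActivity_")]
    return report
```

An empty list for a failed table means the role error is not explained by signInActivity columns in that query, so the role assignment needs a separate look.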

