
Create Azure access controls

Learn how to create Azure access controls.

Before you create Azure access controls, you must have created Azure client credentials. For more information, see Create Azure client credentials.
Azure grants access to resources based on the Azure role assigned to an application service principal. Create access controls to associate a role with the Azure client credentials for accessing your Azure account storage container.
To create Azure access controls:
  1. Navigate to and select the Azure storage account for which you want to create access controls.
    1. In the Microsoft Azure portal, select Storage Accounts.
    2. Select the Storage Account you previously created in Create an Azure storage account.
  2. On the Storage account page, select Access Control.
  3. On the Access Control page, select the + New Role button.
  4. On the Create a custom role page, complete the Roles tab:
    • Custom role name: Enter a name for this custom role.

      Tip: Take note of this value. You'll need it when you Create event notification integrations in Snowflake (Azure).
    • Description: Enter a brief description of this role.

    • Baseline permissions: Leave at the default Clone a role option.

    • Role to clone: From the drop-down menu, select Storage Blob Data Contributor.
      Note: When creating the custom role, ensure that the role includes both read and write permissions on blob containers and blob objects. The exported data and staging files must be readable and writable by the Reltio Data Pipeline service.
  5. Select the JSON tab and specify the permissions for this role:
    1. Select Edit and replace the permissions section with the following:
      "permissions": [
          {
              "actions": [
                  "Microsoft.Storage/storageAccounts/blobServices/containers/read",
                  "Microsoft.Storage/storageAccounts/blobServices/containers/write"
              ],
              "notActions": [],
              "dataActions": [
                  "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
                  "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
              ],
              "notDataActions": []
          }
      ]
    2. Select Save.
  6. At the bottom of the page, select the Review and Create button.
  7. In the Review and Create tab, review the details of the custom role and then at the bottom of the page select Create:
    • Basics

    • Permissions

    • Assignable Scopes

  8. In the displayed You have successfully created the custom role confirmation message, select OK.
  9. On the Access Control (IAM) page, in the Roles tab, create role assignments:
    1. From the top menu bar, select Add > Add role assignment.
    2. On the Add role assignment page, in the Role tab, highlight the name of your new custom role and then select the Members tab.
    3. Complete the Members tab:
      • Selected role: View the name of your custom role.

      • Assign access to: Leave the default User, group, or service principal option selected.

      • Members: Select + Select members and in the panel displayed on the right, search for and select the Application Display Name you created in Create Azure client credentials. Selected members are displayed in the table in this section.

      • Description: Enter a brief description of the role members.

    4. At the bottom of the page, select Review + assign.
    5. In the Review + assign tab, review the details you specified:
      • Role

      • Scope

      • Members

      • Description

      • Condition

    6. At the bottom of the page, select Review + assign again.
  10. Back on the Access Control (IAM) page, after the Adding Role assignment notification clears, view your new custom role in the list.
  11. If you receive storage access errors after completing these steps, check the following:
    1. Confirm the correct service principal (App Display Name) was selected under Members.
    2. Verify the scope of the role assignment includes the specific storage container(s) you are using.
    3. Ensure your Azure storage firewall allows traffic from the Reltio Data Pipeline Hub IP address.
    4. Check for typos or mismatches between storage paths in the role assignment and the values configured in your Reltio adapter.
For general information, see Assign an Azure role for access to blob data - Azure Storage in the Microsoft Azure documentation.
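
The following check is an added example, not part of the Reltio or Microsoft documentation. It compares a custom role's permissions list with the four operations from step 5 and reports required operations that are missing (one cause of the storage access errors in step 11) and grants that go beyond them, such as delete operations carried over from the cloned role. The name audit_permissions and the sample roles are constructed for illustration.

```python
from fnmatch import fnmatchcase

P = "Microsoft.Storage/storageAccounts/blobServices/containers/"
# The four operations from step 5 of this page.
REQUIRED = {
    "actions": [P + "read", P + "write"],
    "dataActions": [P + "blobs/read", P + "blobs/write"],
}
NOT_KEY = {"actions": "notActions", "dataActions": "notDataActions"}


def _matches(op, patterns):
    # Azure RBAC operation strings are case-insensitive and may use * wildcards.
    return any(fnmatchcase(op.lower(), p.lower()) for p in patterns)


def audit_permissions(blocks):
    """Return (missing, excess) for the "permissions" list of a role definition."""
    missing, excess = [], []
    for key, required in REQUIRED.items():
        for op in required:
            # Effective if a block grants it and that block's not* list does not remove it.
            granted = any(
                _matches(op, b.get(key, [])) and not _matches(op, b.get(NOT_KEY[key], []))
                for b in blocks
            )
            if not granted:
                missing.append(op)
        allowed = {r.lower() for r in required}
        for b in blocks:
            # Anything other than the exact required strings is broader than needed.
            excess += [p for p in b.get(key, []) if p.lower() not in allowed]
    return missing, excess


# Constructed sample roles (not taken from a real tenant).
PAGE_ROLE = [{"actions": [P + "read", P + "write"], "notActions": [],
              "dataActions": [P + "blobs/read", P + "blobs/write"], "notDataActions": []}]
BROAD_ROLE = [{"actions": [P + "*"], "notActions": [],
               "dataActions": [P + "blobs/read", P + "blobs/write", P + "blobs/delete"],
               "notDataActions": []}]
READ_ONLY_ROLE = [{"actions": [P + "read"], "notActions": [],
                   "dataActions": [P + "blobs/*"], "notDataActions": [P + "blobs/write"]}]

if __name__ == "__main__":
    for name, role in [("page", PAGE_ROLE), ("broad", BROAD_ROLE), ("read-only", READ_ONLY_ROLE)]:
        missing, excess = audit_permissions(role)
        print(f"{name}: missing={missing} excess={excess}")
```

Pass the function the permissions array from the role's JSON tab after parsing it; an empty missing list and an empty excess list mean the role matches step 5 exactly.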