How To Fix Azure Data Factory 403 Forbidden SharePoint Site

After setting up access to your SharePoint site for Azure Data Factory, with a Web component to receive the access token, you might hit a 403 Forbidden error.

In the debug log you'll see the error details with error code 2200 and a link to a troubleshooting guide.
Details ErrorCode=HttpFileFailedToRead,’ Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Failed to read data from http server. Check the error from http server:The remote server returned an error: (403) Forbidden.,Source=Microsoft.DataTransfer.ClientLibrary,”Type=System.Net.WebException,Message=The remote server returned an error: (403) Forbidden.,Source=System,’

Open the Microsoft Azure Data Factory guide on setting up the connection to the SharePoint site and look at the Prerequisites: https://docs.microsoft.com/en-us/azure/data-factory/connector-sharepoint-online-list?tabs=data-factory#copy-file-from-sharepoint-online

Take a look at the Permission Request XML. There are two different permission requests: one for the site owner role and one for the site admin role. When adding the owner site you'll get this trust screen on SharePoint from https://[your_site_url]/_layouts/15/appinv.aspx

Solution to access SharePoint Site Documents

Go to the /appinv.aspx page again and add the site owner role permission request XML instead:

<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read"/>
</AppPermissionRequests>

This will give the following permissions to trust:

  • “Let it read items in this site.”
  • “Let it share its permissions with other users.”
  • “Let it access basic information about the users of this site.”

As you can see, we get an additional access, which gives the correct access when requesting from Data Factory. When debugging you will now be able to access your SharePoint document.
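Before pasting a permission request into /appinv.aspx, it is worth checking that it asks for no more than the pipeline needs. The script below is an added example, not part of the Microsoft guide or of Data Factory. The function name `audit_permission_xml`, the default ceiling (web scope, Read) and the second sample request are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Scope URIs and rights of the SharePoint add-in permission model, narrowest first.
SCOPES = [
    "http://sharepoint/content/sitecollection/web/list",
    "http://sharepoint/content/sitecollection/web",
    "http://sharepoint/content/sitecollection",
    "http://sharepoint/content/tenant",
]
RIGHTS = ["Read", "Write", "Manage", "FullControl"]


def audit_permission_xml(xml_text, max_scope=SCOPES[1], max_right="Read"):
    """Return findings for a permission request; an empty list means it stays within the ceiling."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "AppPermissionRequests":
        return [f"unexpected root element <{root.tag}>"]
    findings = []
    if root.get("AllowAppOnlyPolicy", "").lower() != "true":
        findings.append("AllowAppOnlyPolicy is not true (app-only access is not requested)")
    requests = root.findall("AppPermissionRequest")
    if not requests:
        findings.append("no AppPermissionRequest element")
    for req in requests:
        scope, right = req.get("Scope"), req.get("Right")
        if scope not in SCOPES:
            findings.append(f"unknown scope: {scope!r}")
        elif SCOPES.index(scope) > SCOPES.index(max_scope):
            findings.append(f"scope broader than allowed: {scope}")
        if right not in RIGHTS:
            findings.append(f"unknown right: {right!r}")
        elif RIGHTS.index(right) > RIGHTS.index(max_right):
            findings.append(f"right higher than allowed: {right}")
    return findings


# The request from this page, and a constructed over-broad request for contrast.
PAGE_XML = """<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read"/>
</AppPermissionRequests>"""
BROAD_XML = """<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl"/>
</AppPermissionRequests>"""

if __name__ == "__main__":
    for name, xml_text in (("page", PAGE_XML), ("broad", BROAD_XML)):
        print(name, audit_permission_xml(xml_text) or "OK")
```

The request from this page passes with no findings, while the constructed tenant-wide FullControl request is flagged on both scope and right.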
