Troubleshoot Azure Digital Twins Explorer: Authentication errors
This article describes causes and resolution steps for receiving authentication errors while running Azure Digital Twins Explorer.
Symptoms
When running Azure Digital Twins Explorer, you encounter the following error message:
Causes
Cause #1
This error will occur if your Azure account doesn't have the required Azure role-based access control (Azure RBAC) permissions set on your Azure Digital Twins instance. In order to access data in your instance, you must have the Azure Digital Twins Data Reader or Azure Digital Twins Data Owner role on the instance you are trying to read or manage, respectively.
For more information about security and roles in Azure Digital Twins, see Security for Azure Digital Twins solutions.
Solutions
Solution #1
Verify that your Azure user has the Azure Digital Twins Data Reader role on the Azure Digital Twins instance if you're just trying to read its data, or the Azure Digital Twins Data Owner role on the instance if you're trying to manage its data.
Note that this role is different from...
- the former name for this role during preview, Azure Digital Twins Owner (Preview) (the role is the same, but the name has changed)
- the Owner role on the entire Azure subscription. Azure Digital Twins Data Owner is a role within Azure Digital Twins and is scoped to this individual Azure Digital Twins instance.
- the Owner role in Azure Digital Twins. These are two distinct Azure Digital Twins management roles, and Azure Digital Twins Data Owner is the role that should be used for management.
If you do not have this role, set it up to resolve the issue.
Check current setup
One way to check that you have successfully set up the role assignment is to view the role assignments for the Azure Digital Twins instance in the Azure portal. Go to your Azure Digital Twins instance in the Azure portal. To get there, you can look it up on the page of Azure Digital Twins instances or search its name in the portal search bar).
Then, view all of its assigned roles under Access control (IAM) > Role assignments. Your role assignment should appear in the list.
Fix issues
If you do not have this role assignment, someone with an Owner role in your Azure subscription should run the following command to give your Azure user the appropriate role on the Azure Digital Twins instance.
If you're an Owner on the subscription, you can run this command yourself. If you're not, contact an Owner to run this command on your behalf. The role name is Azure Digital Twins Data Owner for edit access, or Azure Digital Twins Data Reader for read access.
az dt role-assignment create --dt-name <your-Azure-Digital-Twins-instance> --assignee "<your-Azure-AD-email>" --role "<role-name>"
For more details about this role requirement and the assignment process, see Set up your user's access permissions.
Next steps
Read the setup steps for creating and authenticating a new Azure Digital Twins instance:
Read more about security and permissions on Azure Digital Twins: