CloudQuery Azure ListKeys permission errors and table identification request

Hi,

I’m using Azure v9.3.0. I see in the logs that I get a lot of errors when trying to ListKeys - as I don’t have the permission to Microsoft.Storage/storageAccounts/listKeys/action. This is expected as I only have the Reader Role.

Was wondering which table is in charge of this request? I want to skip it.

Thanks!

What tables are you trying to fetch? Can you share your config YAML file (without sensitive details)? Also, please share the contents of your cloudquery.log file.

I don’t have access to the whole log, but here are some lines that caught my eye:

2023-10-10T12:13:39Z ERR table resolver finished with error error="POST https://management.azure.com/subscriptions/43e6231a-e00b-46fa-9d7b-aeb81c00b10d/resourceGroups/managed-rg-MSC-HQ-PROD/providers/Microsoft.Storage/storageAccounts/scanwesteuropeejpsraj/listKeys\n--------------------------------------------------------------------------------\nRESPONSE 403: 403 Forbidden\nERROR CODE: AuthorizationFailed\n--------------------------------------------------------------------------------\n{\n  \"error\": {\n    \"code\": \"AuthorizationFailed\",\n    \"message\": \"The client 'c2472919-ac4c-4d65-997b-0e03b27252c1' with object id 'c2472919-ac4c-4d65-997b-0e03b27252c1' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/43e6231a-e00b-46fa-9d7b-aeb81c00b10d/resourceGroups/managed-rg-MSC-HQ-PROD/providers/Microsoft.Storage/storageAccounts/scanwesteuropeejpsraj' or the scope is invalid. If access was recently granted, please refresh your credentials.\"\n  }\n}\n--------------------------------------------------------------------------------\n" client=subscriptions/43e6231a-e00b-46fa-9d7b-aeb81c00b10d module=azure-src table=azure_storage_queue_acl

My bad! I now see that it is the table azure_storage_queue_acl which is making the request.

But now that I’m looking at the logs (using Logz.io), I can see that I have about 300 errors all with the same request:

POST https://management.azure.com/subscriptions/43e6231a-e00b-46fa-9d7b-aeb81c00b10d/resourceGroups/managed-rg-MSC-HQ-PROD/providers/Microsoft.Storage/storageAccounts/scanwesteuropeejpsraj/listKeys

Makes me wonder why it is written so many times? :face_with_monocle:

Do all those calls result in errors? Might be worth fixing that first.

Yes, all calls to that particular asset result in an error.
It seems weird that CloudQuery is making more requests to the same resource even though it received a RESPONSE 403.
By the way, I now see the same request with the same error 2994 times.
I’m uploading here a part of the log:

[Insert log part here]

If you search for this POST request I sent earlier, you will see it 2994 times.

I’ll look into this. I’m curious if correcting the auth issues will have an impact on what you see in the logs.

I can’t correct the auth because I don’t have access to changing the Role. :frowning_with_open_mouth:
For now, I just skip the table azure_storage_queue_acl.
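
An added example, not part of the original thread and not CloudQuery's own code: a short Python script that groups the AuthorizationFailed entries of a cloudquery.log by table and denied action, so thousands of repeated lines collapse to the table responsible. The sample lines are constructed in the shape of the log line quoted above, with placeholder ids (SUB-ID, CLIENT-ID, rg-example, acct1, acct2) and a made-up INF line.

```python
import re

# Constructed sample in the shape of the ERR line quoted in the thread.
_TEMPLATE = r"""2023-10-10T12:13:39Z ERR table resolver finished with error error="POST https://management.azure.com/subscriptions/SUB-ID/resourceGroups/rg-example/providers/Microsoft.Storage/storageAccounts/ACCT-NAME/listKeys\nRESPONSE 403: 403 Forbidden\nERROR CODE: AuthorizationFailed\n{\"error\": {\"code\": \"AuthorizationFailed\", \"message\": \"The client 'CLIENT-ID' with object id 'CLIENT-ID' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/SUB-ID/resourceGroups/rg-example/providers/Microsoft.Storage/storageAccounts/ACCT-NAME' or the scope is invalid.\"}}\n" client=subscriptions/SUB-ID module=azure-src table=azure_storage_queue_acl"""
SAMPLE_LOG = "\n".join(
    [_TEMPLATE.replace("ACCT-NAME", "acct1")] * 3      # same request repeated
    + [_TEMPLATE.replace("ACCT-NAME", "acct2")]        # second storage account
    + ["2023-10-10T12:13:40Z INF constructed non-error line table=azure_storage_accounts"]
)

TABLE_RE = re.compile(r"\btable=(\S+)")
ACTION_RE = re.compile(r"perform action '([^']+)'")
SCOPE_RE = re.compile(r"over scope '([^']+)'")


def summarize_denials(log_text):
    """Map (table, denied action) -> {"count": n, "scopes": distinct scopes}."""
    summary = {}
    for line in log_text.splitlines():
        if "AuthorizationFailed" not in line:
            continue  # only 403 authorization denials are of interest
        table, action = TABLE_RE.search(line), ACTION_RE.search(line)
        if not (table and action):
            continue  # line lacks the fields needed to attribute it
        key = (table.group(1), action.group(1))
        entry = summary.setdefault(key, {"count": 0, "scopes": set()})
        entry["count"] += 1
        scope = SCOPE_RE.search(line)
        if scope:
            entry["scopes"].add(scope.group(1))
    return summary


def tables_to_skip(summary):
    """Distinct table names that produced at least one denial."""
    return sorted({table for table, _action in summary})


if __name__ == "__main__":
    result = summarize_denials(SAMPLE_LOG)
    for (table, action), info in result.items():
        print(f"{table}: {info['count']} denials of {action} "
              f"across {len(info['scopes'])} scope(s)")
    print("candidates to skip:", tables_to_skip(result))
```

The names it reports are the ones that would go in the `skip_tables` list of the CloudQuery source spec when the missing permission cannot be granted.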