I’ve created a YAML pipeline in Azure DevOps to deploy Azure Data Factory using the below task:
- task: deploy-adf-json@2
  inputs:
    azureSubscription: '<subscription name>'
    ResourceGroupName: '<rg name>'
    DatafactoryName: '<adf name>'
    ServicePath: '$(System.ArtifactsDirectory)/adf/linkedService'
    PipelinePath: '$(System.ArtifactsDirectory)/adf/pipeline'
    TriggerPath: '$(System.ArtifactsDirectory)/adf/trigger'
    Sorting: 'ascending'
However, everything deploys successfully except for one trigger, for which I get the below error:
##[error]Error deploying 'Storage_Account_Trigger' trigger : The client '"client id"' with object id '"object id"' has permission to perform action 'Microsoft.DataFactory/factories/triggers/write' on scope '/subscriptions/"subscription id"/resourceGroups/"rg name"/providers/Microsoft.DataFactory/factories/"adf name"/triggers/Storage_Account_Trigger'; however, it does not have permission to perform action(s) 'Microsoft.EventGrid/EventSubscriptions/Write' on the linked scope(s) '/subscriptions/"subscription id"/resourceGroups/"rg name"/providers/Microsoft.Storage/storageAccounts/"storage account name"' (respectively) or the linked scope(s) are invalid.
The trigger is designed to run a specific pipeline whenever a new CSV file is created at a specific file path in the storage account. The code for the trigger is:
{
    "name": "Storage_Account_Trigger",
    "properties": {
        "annotations": [],
        "runtimeState": "Started",
        "pipelines": [
            {
                "pipelineReference": {
                    "referenceName": "PL_Ingest",
                    "type": "PipelineReference"
                }
            }
        ],
        "type": "BlobEventsTrigger",
        "typeProperties": {
            "blobPathBeginsWith": "<file path>",
            "blobPathEndsWith": ".csv",
            "ignoreEmptyBlobs": true,
            "scope": "/subscriptions/<subscription id>/resourceGroups/<rg name>/providers/Microsoft.Storage/storageAccounts/<storage account name>",
            "events": [
                "Microsoft.Storage.BlobCreated"
            ]
        }
    }
}
From my (limited) understanding, it looks like the trigger requires write permissions in order to work and the storage account policy doesn’t allow it. I cannot change this policy nor do I understand the need to as I’m not looking to write anything to the storage account with the trigger. I just want to read and determine if there are any new CSV files.
Any help for how to get around this error or remove the need for write permissions would be appreciated!
Thanks!
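
An added example, not part of the original post: the error quoted above names `Microsoft.EventGrid/EventSubscriptions/Write` on the storage account as the missing action, so this preflight check lists which trigger definitions need it and whether a given set of role assignments covers it. The placeholder IDs, the assignment tuples and the function names are constructed for illustration, and the wildcard and scope-inheritance matching is a simplified model of Azure RBAC evaluation (deny assignments are not modelled).

```python
import fnmatch

# Action named in the deployment error quoted in the post.
REQUIRED_ACTION = "Microsoft.EventGrid/EventSubscriptions/Write"

# Constructed sample data (placeholder IDs), mirroring the trigger in the post.
STORAGE = "/subscriptions/SUB/resourceGroups/RG/providers/Microsoft.Storage/storageAccounts/ACCT"
SAMPLE_TRIGGERS = [{
    "name": "Storage_Account_Trigger",
    "properties": {"type": "BlobEventsTrigger",
                   "typeProperties": {"scope": STORAGE,
                                      "events": ["Microsoft.Storage.BlobCreated"]}},
}]
# Constructed role assignments of the deploying identity: (scope, actions, notActions).
SAMPLE_ASSIGNMENTS = [
    ("/subscriptions/SUB/resourceGroups/RG/providers/Microsoft.DataFactory/factories/ADF",
     ["Microsoft.DataFactory/*"], []),
    (STORAGE, ["Microsoft.Storage/storageAccounts/blobServices/containers/read"], []),
]


def linked_scopes(triggers):
    """Return (trigger name, storage scope) for each storage event trigger."""
    return [(t.get("name"), t["properties"].get("typeProperties", {}).get("scope"))
            for t in triggers
            if t.get("properties", {}).get("type") == "BlobEventsTrigger"]


def _matches(action, patterns):
    # Role action strings are case-insensitive and may contain '*' wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def is_allowed(action, scope, assignments):
    """True if an assignment at the scope or an ancestor scope grants the action."""
    scope = scope.lower().rstrip("/")
    for a_scope, actions, not_actions in assignments:
        a_scope = a_scope.lower().rstrip("/")
        inherited = scope == a_scope or scope.startswith(a_scope + "/")
        if inherited and _matches(action, actions) and not _matches(action, not_actions):
            return True
    return False


def missing_grants(triggers, assignments):
    """List (trigger, scope) pairs where the identity lacks REQUIRED_ACTION."""
    return [(n, s) for n, s in linked_scopes(triggers)
            if s and not is_allowed(REQUIRED_ACTION, s, assignments)]
```

Calling `missing_grants(SAMPLE_TRIGGERS, SAMPLE_ASSIGNMENTS)` returns the one trigger and storage scope for which the constructed identity holds only blob read access.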