Hi @Marcus Vinicius Cursino Suares , just to add to the above, what you're describing does look like a portal bug rather than a misconfiguration. The Foundry User role assigned at the project scope should be sufficient for file uploads within that project; needing to assign it at the root Foundry resource level to make uploads work suggests the portal's permission check is evaluating against the wrong scope for this specific operation.
A few practical things worth confirming to help narrow it down:
- Check which type of upload is failing, Agent file search, playground uploads, and vector store uploads each call different backend APIs and may have different permission check paths. Knowing which one helps determine if this is isolated to one workflow or the entire upload surface.
Also check if the connected storage account has its own access control requirements. In new Foundry projects, file uploads often go through an Azure Storage account linked to the project, and the Foundry User role at project scope may not automatically grant the necessary Storage Blob Data Contributor role on that storage account. This is a common gap that isn't always obvious from the portal error message.
If assigning at the root resource is not acceptable for your security model, the narrowest workaround is to additionally assign Storage Blob Data Contributor on the project's linked storage account directly to the affected user, rather than elevating at the Foundry resource level. This may restore upload functionality without broadening access beyond the project boundary.
Please upvote and accept the answer if it helps!