Cant reach from databricks to Storage account - Stack Overflow

admin管理员组

文章数量:1122832

We are trying to make environemnt more secure and I have added the private endpoints to my storage account which is part of the Vnet-dev. My databricks is not Vnet injected but it has its own Workers-Vnet with its own private and public subnets.

I have made the Virtual network peering between two Vnets based on the documentaion!

On my datalake I have whitelisted my Own Vnet and expcted that sinse there is the peering between my own Vnet and databricks Vnet, I should have have been able reach storage account.

But I get belwo erro in databricks

This request is not authorized to perform this operation.", 403, GET,

Storage account has two PEP (blob and DFs) and as I said the subnet is whitelisted on the storage account.

We are trying to make environemnt more secure and I have added the private endpoints to my storage account which is part of the Vnet-dev. My databricks is not Vnet injected but it has its own Workers-Vnet with its own private and public subnets.

I have made the Virtual network peering between two Vnets based on the documentaion!

On my datalake I have whitelisted my Own Vnet and expcted that sinse there is the peering between my own Vnet and databricks Vnet, I should have have been able reach storage account.

But I get belwo erro in databricks

This request is not authorized to perform this operation.", 403, GET, https://mydatalake.dfs.core.windows.net/extract

Storage account has two PEP (blob and DFs) and as I said the subnet is whitelisted on the storage account.

• databricks
• azure-storage
• azure-databricks
• azure-virtual-network

Share Improve this question Follow asked Nov 22, 2024 at 11:43 play_something_goodplay_something_good 13111 silver badge1111 bronze badges 2

• can you check this once? – Bhavani Commented Nov 22, 2024 at 11:47
• you are proposing to redeploy databricks in my own vnet but I dont want to redeploy. – play_something_good Commented Nov 22, 2024 at 12:28

Add a comment  | 

2 Answers 2

Sorted by: Reset to default 0

Error:

This request is not authorized to perform this operation.", 403, GET,https://mydatalake.dfs.core.windows.net/extract

To resolve the error You have to try to modify setting in ADLS like below:

Storage Accounts -> Your Storage Account you have created for ADLS -> Networking

Enabling the option "Allow trusted Microsoft services to access this storage account" grants trusted Microsoft services permission to access the storage account.

Also make sure to have the required permissions like Contributor and User Access Administrator roles / Storage Blob Data Owner role.

Assign the application to a role, make sure to assign the Storage Blob Data Contributor role to the service principal.

Reference: Cant reach from databricks to Storage account

@play-something-good, there are two potential reasons for the error:

Databricks workspace to storage account connection: Please refer to the instructions shared by @Dileep Raj Narayan Thumula.

Access validation: Ensure your access to the storage account is properly configured (ACL, storage account key, SAS token, etc.).

Additionally, you could try changing the storage account network setting to "Enable from all networks".

Note: This is not a best practice for production workloads.

本文标签： Cant reach from databricks to Storage accountStack Overflow