Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.

Reply
jwlegacy
Frequent Visitor

Not able to connect to ADLS with shortcut in Lakehouse/One Lake (given all roles, no vnet)

Dear community,

I am testing the use case of Fabric for a client of mine, instead of going with the regular Azure SQL Server + Azure Data Factory stack.

I have been able to connect sources and push data to the ADLS gen 2, which was originally a blob storage but I have converted it to an ADLS gen 2.

 

I have searched the forums and tried everything. I have given all the roles I could find to be relevant (I am already the Owner but I also gave myself the blob stroage owner, contributor and reader). There is no vnet configured as well.

 

Still, I cannot get the data loaded into the lakehouse in Fabric. I have tried both the dataflow gen 2 (which gives me invalid credentials error) and the shortcut option, which was my preferred option.

 

With the shortcut I am able to connect to the ADLS with my account credentials but then I get the following error:

jwlegacy_0-1712651840855.png

 

Error 403 - This request is not authorized to perform this operation.

 

What do I need to do to get this sorted? I want to test my use case to see if I can proceed with Fabric instead of the regular Azure SQL tools.

 

 

Kind regards,

 

Jesper

 



1 ACCEPTED SOLUTION

Hey @v-cboorla-msft and @AndyDDC ,

I have found the issue while trial & error'ing with a colleague of mine.

I didn't realize that having set the public network access on the storage account to 'enabled from selected virtual networks and IP addresses' (which can be found under Networking) which didn't include the azure/microsoft datacenter IP's.

When I set this back to 'enabled from all networks', I was able to access the data as the owner of the storage account as well as having the 'data blob storage' relevant roles.

Thanks for the help anyway, I will accept this as the solution.

View solution in original post

7 REPLIES 7
AndyDDC
Solution Sage
Solution Sage

Hi @jwlegacy when you converted the blog storage account to ADLS Gen2, did you then re-assign permissions?  I've tested created a blog storage account and converting to ADLS gen2, it won't connect unless I re-instate permissions in the IAM of the storage account

@AndyDDC Which roles do you refer to? I have re-instated the blob storage data owner role to test, it didn't change the outcome.

Can you try assigning Storage Blob Data Contributor?

I tried and nope, same error still.

Hi @jwlegacy 

 

Thanks for using Microsoft Fabric Community.

Apologies for the inconvenience.

A 403 error while accessing ADLS Gen2 in Fabric Lakehouse after creating a shortcut with your credentials indicates an authorization issue. Access control lists are used by Azure Data Lake Storage Gen2 to provide granular control over files and directories. Make sure that the user account trying to access the data or the Databricks service principal has the necessary read, write, or execute permissions set.

For more details please refer below links which might help you.

Link1 : Access control lists (ACLs) in Azure Data Lake Storage Gen2.

Link2 : 403 Access Denied authorization error in ADLS Gen2.

 

If the issue still persist, please do let us know. Glad to help.

 

I hope this information helps.

 

Thanks.

                                               : 

Hey @v-cboorla-msft and @AndyDDC ,

I have found the issue while trial & error'ing with a colleague of mine.

I didn't realize that having set the public network access on the storage account to 'enabled from selected virtual networks and IP addresses' (which can be found under Networking) which didn't include the azure/microsoft datacenter IP's.

When I set this back to 'enabled from all networks', I was able to access the data as the owner of the storage account as well as having the 'data blob storage' relevant roles.

Thanks for the help anyway, I will accept this as the solution.

Hi @jwlegacy 

 

Glad that you were able to find some insights and thank you for sharing the same with the community as it can be helpful to others.

Please continue using Fabric Community for further queries.

 

Thanks.

Helpful resources

Announcements
Expanding the Synapse Forums

New forum boards available in Synapse

Ask questions in Data Engineering, Data Science, Data Warehouse and General Discussion.

LearnSurvey

Fabric certifications survey

Certification feedback opportunity for the community.

April Fabric Update Carousel

Fabric Monthly Update - April 2024

Check out the April 2024 Fabric update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.