Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
Binu
Microsoft Employee
Microsoft Employee

CdsaUserStorageOwnerRoleRequiredException error when configuring ADLSGen2 in MS Fabric Workspace

‎07-01-2024 11:52 PM
Hi , 
We are trying to configure ADLS Gen2 with our Microsoft Fabric Workspace ( To take backups of the semantic models)
We have taken care of all the pre requisites as mentioned below
 
The user who is setting up this connection has below roles
Fabric WorkSpace - Admin
ADLS Gen 2 - Owner , Storage Blob Data Owner , Storage Blob Data Contributor
 
The ADLS Gen 2 is in the same Tenant And Region as our Microsoft Fabric Workspace
Hierarchical Namespace (HNS) is enabled in ADLS Gen 2
TLS (Transport Layer Security) version 1.2 is set on the ADLS Gen 2
 
However , when configuring the ADLS Gen 2 in our Fabric workspace , we are getting the below error
"CdsaUserStorageOwnerRoleRequiredException: You can't connect to this storage account because you don't have the necessary role-based-access-control (RBAC) permissions. Make sure you're assigned the owner role for this storage account, and try again"
 
Not sure why we are getting the above error , as the user is already an Owner on the stoarge account.
Message 1 of 4
424 Views
0
3 REPLIES 3
TBBD
Regular Visitor

‎10-07-2024 12:42 PM

Hi Fabric Community,

 

I’m encountering an issue while trying to configure Azure Data Lake Storage Gen2 (ADLS Gen2) in my MS Fabric Workspace. The specific error I’m getting is:

CdsaUserStorageOwnerRoleRequiredException

I’ve ensured that the necessary roles and permissions are set on my ADLS Gen2 account, but the issue persists. If anyone has encountered this error or knows the steps to resolve it, I would greatly appreciate your guidance or any resources that could help.

 

Thanks in advance for your support!

 

Best regards,
Moazzem Hossain

 

Message 4 of 4
170 Views
0
v-zhengdxu-msft
Community Support
Community Support

‎07-22-2024 10:47 PM

Hi @Binu 

 

Have you solved your problem? If so, can you share your solution here and mark the correct answer as a standard answer to help other members find it faster?

If not, here are some steps to troubleshoot and resolve the issue:

 

Ensure that the user's roles (Owner, Storage Blob Data Owner, Storage Blob Data Contributor) are correctly assigned at the correct scope. The roles should be assigned directly to the user on the ADLS Gen2 account, not just to a group the user is part of.

Sometimes there can be a delay in the propagation of role assignments in Azure. Wait a few minutes and then try again. If it's been recently assigned, you might need to wait longer or refresh your permissions.
Verify that the ADLS Gen2 account and the Microsoft Fabric Workspace are in the same Azure subscription. Permissions are subscription-specific.

The error might be due to the way the user is trying to access the storage account. If the user is part of a group with the required permissions, try assigning the roles directly to the user instead of through a group.

Even though the user is an owner, there might be additional RBAC permissions set at the blob level that are restricting access. Check for any explicit denies at the blob/container level.
Ensure that both the ADLS Gen2 account and the Microsoft Fabric Workspace are in the same Azure Active Directory tenant.
If MFA is enabled for the user, ensure that the user has completed the MFA process before attempting to configure the connection.
Try revoking all the roles from the user and then reassigning them to see if that resolves the issue.
Sometimes using the Azure Portal to configure the storage account connection can provide more detailed error messages or insights into the problem.
There might be Azure policies in place that restrict certain operations on the storage account, even for users with owner permissions.

 

 

 

Best Regards

Zhengdong Xu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 3 of 4
314 Views
0
alejgarza
Microsoft Employee
Microsoft Employee

‎07-02-2024 02:44 PM

Having same issue

Message 2 of 4
374 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All