Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Get certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now

Reply
Binu
Microsoft Employee
Microsoft Employee

CdsaUserStorageOwnerRoleRequiredException error when configuring ADLSGen2 in MS Fabric Workspace

Hi , 
We are trying to configure ADLS Gen2 with our Microsoft Fabric Workspace ( To take backups of the semantic models)
We have taken care of all the pre requisites as mentioned below
 
The user who is setting up this connection has below roles
Fabric WorkSpace - Admin
ADLS Gen 2 - Owner , Storage Blob Data Owner , Storage Blob Data Contributor
 
The ADLS Gen 2 is in the same Tenant And Region as our Microsoft Fabric Workspace
Hierarchical Namespace (HNS) is enabled in ADLS Gen 2
TLS (Transport Layer Security) version 1.2 is set on the ADLS Gen 2
 
However , when configuring the ADLS Gen 2 in our Fabric workspace , we are getting the below error
"CdsaUserStorageOwnerRoleRequiredException: You can't connect to this storage account because you don't have the necessary role-based-access-control (RBAC) permissions. Make sure you're assigned the owner role for this storage account, and try again"
 
Not sure why we are getting the above error , as the user is already an Owner on the stoarge account.
3 REPLIES 3
TBBD
Regular Visitor

Hi Fabric Community,

 

I’m encountering an issue while trying to configure Azure Data Lake Storage Gen2 (ADLS Gen2) in my MS Fabric Workspace. The specific error I’m getting is:

CdsaUserStorageOwnerRoleRequiredException

I’ve ensured that the necessary roles and permissions are set on my ADLS Gen2 account, but the issue persists. If anyone has encountered this error or knows the steps to resolve it, I would greatly appreciate your guidance or any resources that could help.

 

Thanks in advance for your support!

 

Best regards,
Moazzem Hossain

 

v-zhengdxu-msft
Community Support
Community Support

Hi @Binu 

 

Have you solved your problem? If so, can you share your solution here and mark the correct answer as a standard answer to help other members find it faster?

If not, here are some steps to troubleshoot and resolve the issue:

 

Ensure that the user's roles (Owner, Storage Blob Data Owner, Storage Blob Data Contributor) are correctly assigned at the correct scope. The roles should be assigned directly to the user on the ADLS Gen2 account, not just to a group the user is part of.

Sometimes there can be a delay in the propagation of role assignments in Azure. Wait a few minutes and then try again. If it's been recently assigned, you might need to wait longer or refresh your permissions.
Verify that the ADLS Gen2 account and the Microsoft Fabric Workspace are in the same Azure subscription. Permissions are subscription-specific.

The error might be due to the way the user is trying to access the storage account. If the user is part of a group with the required permissions, try assigning the roles directly to the user instead of through a group.

Even though the user is an owner, there might be additional RBAC permissions set at the blob level that are restricting access. Check for any explicit denies at the blob/container level.
Ensure that both the ADLS Gen2 account and the Microsoft Fabric Workspace are in the same Azure Active Directory tenant.
If MFA is enabled for the user, ensure that the user has completed the MFA process before attempting to configure the connection.
Try revoking all the roles from the user and then reassigning them to see if that resolves the issue.
Sometimes using the Azure Portal to configure the storage account connection can provide more detailed error messages or insights into the problem.
There might be Azure policies in place that restrict certain operations on the storage account, even for users with owner permissions.

 

 

 

Best Regards

Zhengdong Xu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

alejgarza
Microsoft Employee
Microsoft Employee

Having same issue

Helpful resources

Announcements
November Carousel

Fabric Community Update - November 2024

Find out what's new and trending in the Fabric Community.

Live Sessions with Fabric DB

Be one of the first to start using Fabric Databases

Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.

Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.

Nov PBI Update Carousel

Power BI Monthly Update - November 2024

Check out the November 2024 Power BI update to learn about new features.