Share via

Issue with Synapse Linked Service and Storage Blob Data Contributor Role

Nguyen Luong 0 Reputation points
2024-10-17T06:47:53.26+00:00

Hi,

I’m encountering an issue when trying to open the Synapse Linked Service that was automatically created by Azure Data Lake Storage. The error message I’m receiving is:

“Please check permission on ... to make sure you have at least 'Storage Blob Data Contributor' role for the storage account '...'. If your access was recently granted, please refresh your credentials.”

Even though I have assigned the Storage Blob Data Contributor role for the storage account and refreshed the credentials several times, the issue persists. (See attached pictures for details.)

Screenshot 2024-10-17 at 1.32.20 AM

Screenshot 2024-10-17 at 12.52.57 AM

Has anyone else faced this problem or know how to resolve it? Any help or insights would be greatly appreciated!

Thank you!

Azure Storage
Azure Storage
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Nehruji R 8,186 Reputation points Microsoft External Staff Moderator
    2024-10-17T11:59:32.3033333+00:00

    Hello Nguyen Luong,

    Greetings! Welcome to Microsoft Q&A Platform.

    The error you are encountering indicates that the request being made from your notebook or pipeline is not authorized to perform the operation with the given permission. There could be a few reasons for this:

    Double-check the permissions assigned to the service principal being used by your notebook or pipeline. Ensure that it has the necessary permissions.

    Synapse notebooks use Azure Active Directory (Azure AD) pass-through to access the ADLS Gen2 accounts. If you are running the notebook directly on the synapse, your account needs Storage Blob Data Contributor to access the ADLS Gen2 account (or folder).

    If you are running the notebook via the pipeline, the synapse workspace managed service identity needs Storage Blob Data Contributor to access the ADLS Gen2 account (or folder).

    Please check if you provided the storage blob data contributor access

    Similar thread for reference - https://learn.microsoft.com/en-us/answers/questions/1489213/storage-blob-data-contributor-role-and-synapse-ana

    https://techcommunity.microsoft.com/t5/azure-synapse-analytics-blog/using-the-workspace-msi-to-authenticate-a-synapse-notebook-when/ba-p/2330029

    Troubleshooting docs for reference - https://learn.microsoft.com/en-us/azure/data-factory/connector-troubleshoot-azure-data-lake, https://learn.microsoft.com/en-us/power-apps/maker/data-platform/azure-synapse-link-data-lake

    Hope this information helps! Please let us know if you have any queries to further help with more details.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.