AD Passthrough authentication failing on Synapse Analytics Serverless Pool

Question

This is regarding the access issue that I am facing in reading the data residing in ADLS Gen-2 from Synapse Analytics Serverless Pool.

1. I have full access on Synapse Studio
2. I have "Storage Blob Data Contributor" on the container/folder where my parquet file is residing

While I try to below SQL ( with right ADLS name along with folder/container details)

SELECT TOP 100 * FROM OPENROWSET( BULK 'https://.dfs.core.windows.net/<container_name>////2009/DIM_INFO_2009.parquet', FORMAT='PARQUET' ) AS [result]

I get below message -

File 'https://.dfs.core.windows.net/<container_name>////2009/DIM_INFO_2009.parquet' cannot be opened because it does not exist or it is used by another process.

When I try the same scenario by creating the external table ( which points to the same parquet file) and uses MANAGED IDENTITY as credentials - the results are being displayed as expected.

So - I am wondering, what is causing this issue - when I try to run the SQL and make the results get displayed. I was hoping with having Storage Blob Data Contributor - it should allow me to access the data on ADLS from Synapse Studio Serverless Pool.

Any hints on what might be causing this issue ?

Answer 1

For AAD passthrough auth make sure you also follow these steps to allow Synapse Serverless to get past the ADLS firewall with an identity other than the MSI.

If the PowerShell approach above doesn’t appeal to you then it is also now available in the Azure Portal UI.