Reputation: 343
Reading/writing data in one Azure Gen2 storage account in multiple paths using multiple linked services in a Synapse notebook. We can't read with a single linked service, as we have multiple SPNs which have access to all the paths.
Steps I followed to implement the same:
1. Created multiple linked services pointing to the Gen2 storage using various SPNs (SPN1, SPN2)
```python
linked_service_name = 'ln_spn1_path_1'
spark.conf.set('spark.storage.synapse.linkedServiceName', linked_service_name)
spark.conf.set('fs.azure.account.oauth.provider.type', 'com.microsoft.azure.synapse.tokenlibrary.LinkedServiceBasedTokenProvider')
```
Created linked service ln_spn2_path_2 using SPN2 and pointing to path2
```python
linked_service_name = 'ln_spn2_path_2'
spark.conf.set('spark.storage.synapse.linkedServiceName', linked_service_name)
spark.conf.set('fs.azure.account.oauth.provider.type', 'com.microsoft.azure.synapse.tokenlibrary.LinkedServiceBasedTokenProvider')
mssparkutils.fs.ls("abfss://[email protected]/path2")
```
If both of the above commands are run in the same Synapse notebook, we get the error below for whichever one we run later:
Py4JJavaError: An error occurred while calling z:mssparkutils.fs.ls. : java.nio.file.AccessDeniedException: Operation failed: "This request is not authorized to perform this operation using this permission.", 403, GET, AuthorizationPermissionMismatch, "This request is not authorized to perform this operation using this permission. RequestId:8853fd20-001f-0018-0347-bf3712000000 Time:2021-10-12T08:57:13.0513182Z"
Can we read the data using two different linked services in the same notebook?
Upvotes: 1
Views: 3119
Reputation: 12788
UPDATE: I tested on an Azure Gen2 storage account in multiple paths using multiple linked services in a Synapse notebook.
Linked service: ADLSGen2_chepra with the notebook named Linked_service_name
Linked service: AzureDataLakeStorage_chepragen2 with the notebook named Linked_service_name
Note: Storage Blob Data Contributor: Use to grant read/write/delete permissions to Blob storage resources.
If you are not assigning "Storage Blob Data Contributor" to other Synapse users, they will not be able to access the data from ADLS Gen2 due to the lack of permission on the storage account.
If they try to access data from ADLS gen2 without the "Storage Blob Data Contributor" role on the storage account, they will receive the following error message:
Py4JJavaError: An error occurred while calling z:mssparkutils.fs.ls. : java.nio.file.AccessDeniedException: Operation failed: "This request is not authorized to perform this operation using this permission.", 403
Reference: Grant permissions to workspace managed identity.
Upvotes: 0