Reputation: 11
Cannot setup credentials to run Azure Batch custom from Synapse pipeline
I just started working with Azure a month ago and I am dealing with many problems connecting the services to each other. So far, to make the storage, vm and synapse interact with each other I just set system assigned managed identities with the Contributor role but I can't find which role or what kind of permissions I need to make Synapse run custom activity in Batch. I got to created the linked service, and in validation I get no errors but when debug I keep getting
Error 2501: Cannot access user batch account; please check batch account settings.
{
"errorCode": "2501",
"message": "Operation returned an invalid status code 'Forbidden'",
"failureType": "UserError",
"target": "landing_to_raw",
"details": []
}
When I check the Linked Service to Batch I see a message right below the "system assigned managed identity" selection, which shows my synapse user/identity, the id and says that I should grant access to my Azure Batch instance.
Any help will be appreciated. Regards,
I tried to run a batch custom activity in synapse pipeline with no success. I expect that synapse gest to connect to Azure Batch
Upvotes: 1
Views: 134
Answers (1)
Reputation: 5297
When using system-assigned managed identity authentication, the Synapse workspace identity should have access to the batch account. If it doesn't have access, you will get the above error. To grant access, assign the Monitoring Contributor role to your Synapse workspace managed identity as follows:
Step 1: Go to the IAM of the batch account and click on "Add role assignment" as shown below:
Step 2: Search for the Monitoring Contributor role and select it, as shown below:
Step 3: Select the Managed Identity, as shown below:
After selecting the managed identity, click on the Review+assign button, and the role will be assigned successfully. After successful role assignment, when you test the batch account linked service, it will test successfully as shown below:
Then you will be able to run the pipeline successfully without any error.
Upvotes: 1
Related Questions
- Cannot access serverless SQL pool in Azure Synapse
- Azure Synapse - Connect to Azure SQL from Notebook using Managed identity
- Azure Synapse pipeline giving errors when triggered but runs fine if executed via Debug option
- Microsoft Azure Synapse deployed into Managed Resource Group cannot write to Storage Account when invoked via Trigger
- Azure Synapse Pipeline - Cannot bulk load Az Data-lake files into an Synapse Pool DB Table - Operating system error code 5(Access is denied.)
- Connecting Azure Synapse from Azure Databricks using User Assigned Managed Identity
- Azure Synapse Pipeline How to execute each file as sql script?
- Azure Synapse web activity calling "pipelineruns" rest api , fails with "failureType": "UserError"