Trouble with Azure Synapse: pipeline cannot execute a stored procedure that works in Develop script
I will give some context regarding our inconvenience in Azure Synapse:
- We created a Stored Procedure (it creates a VIEW which reads all the parquet files in a certain folder) on a Develop script, and it ran successfully.
- We also created the VIEW manually, also successfully, in a database created in Serverless SQL Pool.
- The container where the data is currently has Private Access Level. My user has Storage blob data contributor.
- Moving on to the Azure Synapse pipeline, we can use Copy Data to get new parquet files inserted into the Container (ADLS Gen2).
- When we want to run everything on Integrate (Synapse pipeline) an error pops up:
{ "errorCode": "2402", "message": "Execution fail against sql server. Please contact SQL Server team if you need further support. Sql error number: 13807. Error Message: Content of directory on path 'https://xxx.blob.core.windows.net/data/folder/*.parquet' cannot be listed.
If we switch the Container's Access level to public, everything works smoothly, but we want to keep it Private.
Is there anything else we should do in order to make our Synapse pipeline work correctly? Any additional permissions setup or else?
Thank you so much in advance.
Regards,
Mateo
I tried to reproduce the issue and got similar error.
As per Microsoft documentation the error it says that the user who's querying Azure Data Lake can't list the files in storage.
- The user of Azure AD who is utilizing pass-through authentication from Azure AD is not authorized to show the files in Data Lake Storage.
- The shared access signature key or workspace managed identity being used by the Azure AD or SQL user to view data does not have authorization to list the files in storage.
Give Storage Blob Data Contributor role to your synapse workspace.
Go to Storage account => Access Control (IAM) => Add role assignment => Select Role: Storage Blob Data Contributor Select: your workspace name => Click on save.
OR
To Get the data from Private containers you need to give authorize access of it to data DataSource when using it from pipeline. for this you can use Access key, Shared access credentials to give this credential to DataSource you need to create scoped credential. But you can't create Scoped credentials in Serverless SQL pool you have to use Dedicated SQL pool.
The work around is to use Dedicated SQL pool.
CREATE DATABASE SCOPED CREDENTIAL SasToken
WITH IDENTITY = 'SHARED ACCESS SIGNATURE',
SECRET = 'SAS token';
GO
CREATE EXTERNAL DATA SOURCE mysample1
WITH ( LOCATION = 'storage account',
CREDENTIAL = SasToken
)
now you can create stored procedure to create view and then execute it from stored procedure or scrip activity in pipeline.
- Access Sharepoint Online Files from .NET Worker Service via Microsoft Graph/OAuth - Unauthorized or Access Denied error (401)
- Get-RemoteDomain in powershell exchange online error : The term 'Get-RemoteDomain' is not recognized as the name of a cmdlet
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- Azure Storage accounts container public access level has dissabled
- How to get "exp" from jwt token and compare with it current time to check if token is expired
- How to refresh client assertion in ConfidentialClientApplication?
- Enforce MFA for specific API called from SPFx via AADTokenProvider (Even with SPO MFA)
- How to extract TLS 1.X of all app services/web app running Azure
- Why Can't I See Roles Assigned to an App Registration in Azure?
- Connect C# ASP.NET Core web app to Microsoft Graph calendar
- Is there a way to find out all users of a particular group in AzureAD?
- MSAL Redirect on Failure AADSTS50105
- Microsoft Power BI REST API PowerBINotAuthorizedException
- AzureAD SAML SSO through AWS Cognito - doesn't match requested authentication method
- How to get username after logged in?.I am trying with MSAL (@azure/msal-angular) for Azure Signin
- Display all the user's files using Microsoft Graph API not working
- Get Access Token from Microsoft Graph for ClientId with delegated permissions
- How to call Microsoft Graph API from ASP.NET Core Web API that is called by SPA
- add-kdsrootkey error the request is not supported
- AADSTS50011: The redirect URI http does not match the redirect URIs
- Access Token Issuer from Azure AD is sts.windows.net Instead Of login.microsoftonline.com
- Getting user data through an Azure AD OAuth login - React Native Expo App
- HTTP request to update Service Principal Entra
- on-behalf-of flow, getting error AADSTS50013 while acquiring obo token
- Azure AD B2C Password Reset
- ASP.NET Core 5 WebAPI - Azure AD - Call Graph API Using Azure Ad Access Token
- Programmatically Assign Exchange Roles to a Group in Azure AD using Microsoft Graph API
- "AADSTS900144: The request body must contain the following parameter: 'grant_type'.?
- Signature validation of my Azure access-token, Private-key?
- Entra ID OIDC Failed Auth Attempt Logs