As the document indicates,
An Azure Databricks access connector is a first-party Azure resource that lets you connect managed identities to an Azure Databricks account. You must have the Contributor role or higher on the access connector resource in Azure to add the storage credential.
However, the Access Connector for Azure Databricks is created by Databricks when creating the Databricks workspace. It is in a Databricks managed resource group. Databricks added a Deny assignment rule to that resource group, so I cannot assign a Contributor role to the Azure service principal.
How can I bypass this limitation?
You have two ways to create a Storage Credential on Azure: with an Access Connector (preferred) or with a Service Principal.
What you mention is the Access Connector of the default storage inside the managed resource group. You can create a new Access Connector in any resource group and use that one to add a new ADLS.
I think we removed the possibility to use Service Principals from the UI but you should still be able to use them with the APIs if you really need to
(I work for Databricks)