topic Re: PERMISSION_DENIED: Request for user delegation key is not authorized. in Administration & Architecture https://community.databricks.com/t5/administration-architecture/permission-denied-request-for-user-delegation-key-is-not/m-p/144044#M4731 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/110502">@szymon_dybczak</a>&nbsp;Can you provide a link to the documentation you noted? I confirmed this with my own testing, that the Storage Blob Delegator role must be at the ADLS account-level, and Storage Blob Data Reader can then be applied at the container-level. However, I couldn't find any documentation to support this.</P> Wed, 14 Jan 2026 14:23:36 GMT hietpas 2026-01-14T14:23:36Z PERMISSION_DENIED: Request for user delegation key is not authorized. https://community.databricks.com/t5/administration-architecture/permission-denied-request-for-user-delegation-key-is-not/m-p/143802#M4721 <P>I am attempting to copy files from an Azure Storage container using an Azure Databricks Volume. When attempting to list files using dbutils.fs.ls('<SPAN>/Volumes/myCatalog/mySchema/myVolume' I get the following error:<BR /><SPAN class="">ExecutionError: </SPAN><SPAN>(com.databricks.sql.managedcatalog.acl.UnauthorizedAccessException) PERMISSION_DENIED: Request for user delegation key is not authorized. Details: None</SPAN><BR /></SPAN></P><P>Note that this differs from previous error messages where a user has insufficient grants. I cannot find any other references to "delegation key" that address this.</P><P>The Volume is based on an External Location pointing to the ADLS container. I am using an access connector for Databricks identity, which has Storage Blob Data Reader role on the container. I granted READ VOLUME on the volume. I granted USE SCHEMA and USE CATALOG on the catalog containing the schema / volume. I granted BROWSE and READ FILES on the External Location. Within the catalog explore, I can test the External Location connection and confirm read access and files are listed. The Volume also displays the files. Any idea why the "delegation" might fail?</P><P>I previously tested a similar scenario and it worked.</P> Mon, 12 Jan 2026 20:27:03 GMT https://community.databricks.com/t5/administration-architecture/permission-denied-request-for-user-delegation-key-is-not/m-p/143802#M4721 hietpas 2026-01-12T20:27:03Z Re: PERMISSION_DENIED: Request for user delegation key is not authorized. https://community.databricks.com/t5/administration-architecture/permission-denied-request-for-user-delegation-key-is-not/m-p/143812#M4722 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/192918">@hietpas</a>&nbsp;,</P><P>I think your access connector doesn't have sufficient permission to storage account. Check below documentation entry. Try to grant Storage Blob Data Contributor role for your connector.<BR /><BR /></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="szymon_dybczak_0-1768255094402.png" style="width: 400px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/22926i87B18623B540D917/image-size/medium?v=v2&amp;px=400" role="button" title="szymon_dybczak_0-1768255094402.png" alt="szymon_dybczak_0-1768255094402.png" /></span></P><P>&nbsp;</P> Mon, 12 Jan 2026 21:58:53 GMT https://community.databricks.com/t5/administration-architecture/permission-denied-request-for-user-delegation-key-is-not/m-p/143812#M4722 szymon_dybczak 2026-01-12T21:58:53Z Re: PERMISSION_DENIED: Request for user delegation key is not authorized. https://community.databricks.com/t5/administration-architecture/permission-denied-request-for-user-delegation-key-is-not/m-p/144044#M4731 <P><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/110502">@szymon_dybczak</a>&nbsp;Can you provide a link to the documentation you noted? I confirmed this with my own testing, that the Storage Blob Delegator role must be at the ADLS account-level, and Storage Blob Data Reader can then be applied at the container-level. However, I couldn't find any documentation to support this.</P> Wed, 14 Jan 2026 14:23:36 GMT https://community.databricks.com/t5/administration-architecture/permission-denied-request-for-user-delegation-key-is-not/m-p/144044#M4731 hietpas 2026-01-14T14:23:36Z Re: PERMISSION_DENIED: Request for user delegation key is not authorized. https://community.databricks.com/t5/administration-architecture/permission-denied-request-for-user-delegation-key-is-not/m-p/144067#M4735 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/192918">@hietpas</a>&nbsp;,</P><P>Sure, here it is:</P><P><A href="https://learn.microsoft.com/en-us/azure/databricks/connect/unity-catalog/cloud-storage/azure-managed-identities#grant" target="_blank">Use Azure managed identities in Unity Catalog to access storage - Azure Databricks | Microsoft Learn</A></P> Wed, 14 Jan 2026 16:36:56 GMT https://community.databricks.com/t5/administration-architecture/permission-denied-request-for-user-delegation-key-is-not/m-p/144067#M4735 szymon_dybczak 2026-01-14T16:36:56Z