We have set up Azure Databricks with Unity Catalog (metastore) in an ADLS Gen2 storage account.
- Used Managed Identity (Databricks Access Connector) for connection from workspace(s) to ADLS Gen2
- ADLS Gen2 storage account has Storage Blob Data Owner and Storage Blob Data Contributor at the storage account level granted to the Databricks Access Connector
- ADLS Gen2 storage account set to have a private endpoint.
- Everything (workspaces, ADLS Gen2, etc) is in the same Azure region
Now in the Databricks Workspace that has been assigned to this metastore, we have the following background:
- Can create managed catalogs
- Can create schemas in catalogs
- Can create volumes in catalogs
- Can upload files to a volume in a catalog and verify on ADLS Gen2 that the files are stored there
- Have all permissions set (perhaps over-set) on my personal access to the catalogs and metastore to allow connection (i.e., workspace all privileges, metastore all privileges, catalog all privileges)
- I am a Databricks account admin and the metastore admin
With all this, I cannot create tables in any catalog.
I get an error:
So as we have enabled a private endpoint on the ADLS Gen2 storage account (metastore), one clear place to look is there. But somehow I can add files to volumes there despite the private endpoint on the metastore.
So it makes me think it is something to do with the Databricks cluster I am using when I run the SQL commands from a notebook. I have tried both single-user and shared access mode for the cluster, but get the same result.
Does this background and problem seem familiar to anyone else? Thanks!
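The sequence the post walks through (catalog, schema, volume, then the failing table), written out as Databricks SQL so the failing step and the surrounding checks can be reproduced in one notebook cell. This is an added example, not code from the original post; the object names `demo_cat`, `demo_schema`, `demo_vol` and `demo_table` are placeholders, and the catalog is deliberately created without `MANAGED LOCATION` so that it inherits the metastore's ADLS Gen2 storage root, matching the setup described above.

```sql
-- Added example: reproduce the catalog -> schema -> volume -> table path in Unity Catalog.
-- Object names are placeholders (assumption), chosen to match the post's setup.

-- Confirm which identity and metastore the notebook is actually running against.
SELECT current_user(), current_metastore();

-- 1. Managed catalog with no MANAGED LOCATION: it inherits the metastore storage root,
--    i.e. the private-endpoint ADLS Gen2 account from the post.
CREATE CATALOG IF NOT EXISTS demo_cat;
-- Storage Root and owner of the catalog; useful to confirm it is the metastore root
-- and not some other location.
DESCRIBE CATALOG EXTENDED demo_cat;

-- 2. Schema inside the catalog (works for the poster).
CREATE SCHEMA IF NOT EXISTS demo_cat.demo_schema;

-- 3. Managed volume (works for the poster; files land in the same storage account).
CREATE VOLUME IF NOT EXISTS demo_cat.demo_schema.demo_vol;
DESCRIBE VOLUME demo_cat.demo_schema.demo_vol;

-- 4. Managed table: the step that fails in the post. Creating it and writing a row
--    both go through the access connector to the same storage root as the volume.
CREATE TABLE IF NOT EXISTS demo_cat.demo_schema.demo_table (
  id   INT,
  note STRING
);
INSERT INTO demo_cat.demo_schema.demo_table VALUES (1, 'smoke test');
SELECT * FROM demo_cat.demo_schema.demo_table;

-- Privilege checks for the identity running the notebook, to rule out grants
-- before looking at networking or the cluster access mode.
SHOW GRANTS ON METASTORE;
SHOW GRANTS ON CATALOG demo_cat;
SHOW GRANTS ON SCHEMA demo_cat.demo_schema;
```

Running the volume and table steps back to back in the same cluster isolates whether the difference is in the object type rather than in the storage account's network rules, since both objects resolve to the same storage root through the same access connector.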