cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
Community Platform Discussions
Connect with fellow community members to discuss general topics related to the Databricks platform, industry trends, and best practices. Share experiences, ask questions, and foster collaboration within the community.
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

DLT Online Table with VNnet Enable on Blob Storage Get 403 Issue

Go to solution
samlexrod
New Contributor III

‎07-18-2024 04:19 PM - edited ‎07-18-2024 04:24 PM

I am trying to create an online table in a Unity catalog. However, I get a GET, 403 error. 

 

DataPlaneException: Failed to start the DLT service on cluster . Please check the stack trace below or driver logs for more details.
com.databricks.pipelines.execution.service.UCContextInitializationException: Failed to initialize the UCContext
com.databricks.pipelines.common.CustomException: [DLT ERROR CODE: EXECUTION_SERVICE_STARTUP_FAILURE.STORAGE_PERMISSION_ISSUE] Operation failed: "This request is not authorized to perform this operation.", 403, GET

 

  • This error only happens when I set my ADLS Gen 2 Networking Public network access settings to Enabled from selected virtual networks and IP addresses.
  • The online table gets created When I Enable it from all networks.

I have the correct access control using the unity-catalog-access-connector with Storage Blob Data Contributor.

My Databricks workspace is set up in a VNet with two subnets: the private and the public. These two subnets are white-listed in the network settings of my ADSL Gen2 in the Virtual Networks section of the Networking settings.

Yet, the only way I can set up the DLT Online Table is by setting my Blob storage to Enable it form all networks. How do I do this without Enabling it to all networks?

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
samlexrod
New Contributor III

‎07-19-2024 12:39 PM

I figured it out. It was because of the Network Connectivity Configurations. I did not have one setup with a private endpoint connection to the ADLS Gen2.  I followed the instructions here: https://learn.microsoft.com/en-us/azure/databricks/security/network/serverless-network-security/serv... and it is now working with the VNet integrated. 

Thank you @Retired_mod for your time. 

 

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
samlexrod
New Contributor III
In response to Retired_mod

‎07-19-2024 10:41 AM

Hi @Retired_mod, Thank you for the fast response.

I believe I have whitelisted the network correctly. I managed to create the metastore and assign to the workspace. I also have the ability to create tables in the ADLS Gen2 unitycatalog container assigned to the metastore. The only thing that does not work is creating the online table. 

Here is a screenshot of the VNet whitelisting. Perhaps the creation of the online table is not using the unity connector to access the resource. I have included a screenshot of the IAM role assigned to the blob storage.

Screenshot 2024-07-19 at 1.25.47 PM.png

Screenshot 2024-07-19 at 1.39.45 PM.png

0 Kudos

Go to solution
samlexrod
New Contributor III

‎07-19-2024 12:39 PM

I figured it out. It was because of the Network Connectivity Configurations. I did not have one setup with a private endpoint connection to the ADLS Gen2.  I followed the instructions here: https://learn.microsoft.com/en-us/azure/databricks/security/network/serverless-network-security/serv... and it is now working with the VNet integrated. 

Thank you @Retired_mod for your time. 

 
0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements
Top