Databricks Community

maikelos272 · ‎01-16-2024

Hello,

I am trying to create a Storage Credential. I have created the access connector and gave the managed identity "Storage Blob Data Owner" permissions. However when I want to create a storage credential I get the following error:

Creating a storage credential requires the contributor role over the corresponding access connector with ID
/subscriptions/655a2f34-****-****-b77d-f45e70210122/resourceGroups/sub-name/providers/Microsoft.Databricks/accessConnectors/connector-name. 
Please contact your account admin.

The problem is that in my organization I cannot get a Contributor role, furthermore I'm not even sure if it is required. I have done some further tests with a service principal and I get the following error when calling an API to get the storage credentials created:

databricks --log-level DEBUG --profile VNXSPT storage-credentials create --json '@.\storage-cred-vnx.json'
...
 "error_code": "RESOURCE_DOES_NOT_EXIST",
 "message": "Refresh token not found for userId: Some(4295475011008721)"
...

The above also doesn't work but in another environment I have tested this it worked without the SP having a contributor role on the access connector. How can I make this work with the contributor role?

maikelos272 · ‎01-18-2024

I have added the Contributor role to my Service principal and I still get the same error. I tried multiple auth options and multiple clients, including sending a request to the API itself. I know the token is correct as other API endpoints work just fine. Could you guys help?

2024-01-18 17_00_46-Create credentials - My Workspace.png

RTabur · ‎03-12-2024

Hi @maikelos272,

Did you manage to solve the problem? I have the same headache here...

I get the same error while trying to create the storage credentials. When I'm using my user token the credentials are successfully created but not with the SPN's token. The permissions are the same for me and the SPN.

Kim3 · ‎04-02-2024

Hi @Retired_mod

Can you elaborate on the error "Refresh token not found for userId"?

I have exactly the same problem as described in this thread. I am trying to create a storage credential using a Personal Access Token from a Service Principal. This results in 404 with the response body:

{
	"error_code": "RESOURCE_DOES_NOT_EXIST",
	"message": "Refresh token not found for userId: Some(2302042022180399)",
	"details": [
		{
			"@type": "type.googleapis.com/google.rpc.RequestInfo",
			"request_id": "d731471b-b6b8-41a9-bf77-993529733668",
			"serving_data": ""
		}
	]
}

When I use a Personal Access Token from my own user, the storage credential is created without error. Both the Service Principal and I have admin rights in Databricks and the Service Principal is Contributor on the Subscription.

subhash_1692 · ‎10-24-2024

Did someone find a solution?

{
	"error_code": "RESOURCE_DOES_NOT_EXIST",
	"message": "Refresh token not found for userId: Some(2302042022180399)",
	"details": [
		{
			"@type": "type.googleapis.com/google.rpc.RequestInfo",
			"request_id": "d731471b-b6b8-41a9-bf77-993529733668",
			"serving_data": ""
		}
	]
}

I am Also getting the same error which is giving me headache..

RTabur · ‎10-31-2024

I don't remember exactly how I solved this issue but I think I've added the following permissions on the metastore for the SPN through the Databricks API (you may not need all of them): CREATE_CATALOG, CREATE_CONNECTION, CREATE_EXTERNAL_LOCATION, CREATE_PROVIDER, CREATE_RECIPIENT, CREATE_SHARE, CREATE_STORAGE_CREDENTIAL

Please confirm if this solves your issue.