cancel
Showing results for 
Search instead for 
Did you mean: 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Cannot create storage credential without Contributor role

maikelos272
New Contributor II
Hello,

I am trying to create a Storage Credential. I have created the access connector and gave the managed identity "Storage Blob Data Owner" permissions. However when I want to create a storage credential I get the following error:

Creating a storage credential requires the contributor role over the corresponding access connector with ID
/subscriptions/655a2f34-****-****-b77d-f45e70210122/resourceGroups/sub-name/providers/Microsoft.Databricks/accessConnectors/connector-name.
Please contact your account admin.

The problem is that in my organization I cannot get a Contributor role, furthermore I'm not even sure if it is required. I have done some further tests with a service principal and I get the following error when calling an API to get the storage credentials created:

databricks --log-level DEBUG --profile VNXSPT storage-credentials create --json '@.\storage-cred-vnx.json'
...
 "error_code": "RESOURCE_DOES_NOT_EXIST",
 "message": "Refresh token not found for userId: Some(4295475011008721)"
...
 
The above also doesn't work but in another environment I have tested this it worked without the SP having a contributor role on the access connector. How can I make this work with the contributor role?
3 REPLIES 3

maikelos272
New Contributor II

I have added the Contributor role to my Service principal and I still get the same error. I tried multiple auth options and multiple clients, including sending a request to the API itself. I know the token is correct as other API endpoints work just fine. Could you guys help?

2024-01-18 17_00_46-Create credentials - My Workspace.png

 

RTabur
New Contributor II

Hi @maikelos272,

Did you manage to solve the problem? I have the same headache here...

I get the same error while trying to create the storage credentials. When I'm using my user token the credentials are successfully created but not with the SPN's token. The permissions are the same for me and the SPN.

Kim3
New Contributor II

Hi @Retired_mod 

Can you elaborate on the error "Refresh token not found for userId"?

I have exactly the same problem as described in this thread. I am trying to create a storage credential using a Personal Access Token from a Service Principal. This results in 404 with the response body:

 

{
	"error_code": "RESOURCE_DOES_NOT_EXIST",
	"message": "Refresh token not found for userId: Some(2302042022180399)",
	"details": [
		{
			"@type": "type.googleapis.com/google.rpc.RequestInfo",
			"request_id": "d731471b-b6b8-41a9-bf77-993529733668",
			"serving_data": ""
		}
	]
}

 

When I use a Personal Access Token from my own user, the storage credential is created without error. Both the Service Principal and I have admin rights in Databricks and the Service Principal is Contributor on the Subscription.

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group