Cannot create storage credential without Contributor role

maikelos272
New Contributor II
Hello,

I am trying to create a Storage Credential. I have created the access connector and given the managed identity "Storage Blob Data Owner" permissions. However, when I want to create a storage credential, I get the following error:

Creating a storage credential requires the contributor role over the corresponding access connector with ID
/subscriptions/655a2f34-****-****-b77d-f45e70210122/resourceGroups/sub-name/providers/Microsoft.Databricks/accessConnectors/connector-name.
Please contact your account admin.

The problem is that in my organization I cannot get a Contributor role; furthermore, I'm not even sure if it is required. I have done some further tests with a service principal and I get the following error when calling an API to get the storage credentials created:

databricks --log-level DEBUG --profile VNXSPT storage-credentials create --json '@.\storage-cred-vnx.json'
...
 "error_code": "RESOURCE_DOES_NOT_EXIST",
 "message": "Refresh token not found for userId: Some(4295475011008721)"
...
 
The above also doesn't work, but in another environment where I tested this, it worked without the SP having a contributor role on the access connector. How can I make this work with the contributor role?

Kaniz
Community Manager

maikelos272
New Contributor II

I have added the Contributor role to my Service principal and I still get the same error. I tried multiple auth options and multiple clients, including sending a request to the API itself. I know the token is correct as other API endpoints work just fine. Could you guys help?


RTabur
New Contributor II

Hi @maikelos272,

Did you manage to solve the problem? I have the same headache here...

I get the same error while trying to create the storage credentials. When I'm using my user token the credentials are successfully created but not with the SPN's token. The permissions are the same for me and the SPN.

Kim3
New Contributor II

Hi @Kaniz 

Can you elaborate on the error "Refresh token not found for userId"?

I have exactly the same problem as described in this thread. I am trying to create a storage credential using a Personal Access Token from a Service Principal. This results in 404 with the response body:

 

{
	"error_code": "RESOURCE_DOES_NOT_EXIST",
	"message": "Refresh token not found for userId: Some(2302042022180399)",
	"details": [
		{
			"@type": "type.googleapis.com/google.rpc.RequestInfo",
			"request_id": "d731471b-b6b8-41a9-bf77-993529733668",
			"serving_data": ""
		}
	]
}

 

When I use a Personal Access Token from my own user, the storage credential is created without error. Both the Service Principal and I have admin rights in Databricks and the Service Principal is Contributor on the Subscription.
