Databricks Community

zerodarkzone · ‎04-05-2024

Hi,

I'm trying to create a VNET peering using to SAP hana using the default VNET created by databricks but it is not possible.

I'm getting the following error

No se pudo agregar el emparejamiento de red virtual "PeeringSAP" a "workers-vnet". Error: El cliente "" con el id. de objeto "" tiene permiso para realizar la acción "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write" en el ámbito "RG-DATADEM-BRICKS/providers/Microsoft.Network/virtualNetworks/workers-vnet/virtualNetworkPeerings/PeeringSAP'>workers-vnet/PeeringSAP"; sin embargo, se ha denegado el acceso debido a la asignación de denegación con el nombre "System deny assignment created by Azure Databricks /subscriptions/c267dfb6-05fb-/resourceGroups/RG-DATADEM/providers/Microsoft.Databricks/workspaces/DATADEM-WORKSPACE" y el id. "53b5b7cc6c2e4" en el ámbito "/subscriptions/c267dfb6-05fb-4e7e-8c16/resourceGroups/RG-DATADEM-BRICKS"

It lookks like the user doesn't have permissions to create a VNET peering on the databricks created resource group. But according to the documentation. This should be possible.

zerodarkzone · ‎04-08-2024

The the user who is trying to do the peering is an Owner in the Azure account so he should have all the necessary permisions. It looks like the problem is because a deny assigment created by Azure databricks on the managed VNet.

Is it possible to do a VNet peering when the databricks Vnet is created inside the Databricks Managed resource group?