Showing results for 
Search instead for 
Did you mean: 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
Showing results for 
Search instead for 
Did you mean: 

Cannot create vnet peering on Azure Databricks

New Contributor III


I'm trying to create a VNET peering using to SAP hana using the default VNET created by databricks but it is not possible.

I'm getting the following error

No se pudo agregar el emparejamiento de red virtual "PeeringSAP" a "workers-vnet". Error: El cliente "" con el id. de objeto "" tiene permiso para realizar la acción "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write" en el ámbito "RG-DATADEM-BRICKS/providers/Microsoft.Network/virtualNetworks/workers-vnet/virtualNetworkPeerings/PeeringSAP'>workers-vnet/PeeringSAP"; sin embargo, se ha denegado el acceso debido a la asignación de denegación con el nombre "System deny assignment created by Azure Databricks /subscriptions/c267dfb6-05fb-/resourceGroups/RG-DATADEM/providers/Microsoft.Databricks/workspaces/DATADEM-WORKSPACE" y el id. "53b5b7cc6c2e4" en el ámbito "/subscriptions/c267dfb6-05fb-4e7e-8c16/resourceGroups/RG-DATADEM-BRICKS"


It lookks like the user doesn't have permissions to create a VNET peering on the databricks created resource group. But according to the documentation. This should be possible.



Community Manager
Community Manager

Hi @zerodarkzone

  • Ensure that the user has the necessary permissions to manage network resources. Specifically, they should have the permission to perform the action "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write" within the scope of the resource group where Databricks is deployed.
  • The denial of access is related to an assignment named “System deny assignment created by Azure Databricks.”
  • Check if there are any custom policies or role assignments that might conflict with the VNET peering operation.
  • Review the permissions assigned to the user and verify that there are no conflicting deny assignments.
  • Sometimes, connectivity issues can prevent successful VNET peering.
  • Ensure that both the Databricks workspace and SAP HANA are correctly configured within their respective VNets.
  • Check if there are any network security groups (NSGs) or route tables affecting communication between the VNets.

The the user who is trying to do the peering is an Owner in the Azure account so he should have all the necessary permisions. It looks like the problem is because a deny assigment created by Azure databricks on the managed VNet.

Is it possible to do a VNet peering when the databricks Vnet is created inside the Databricks Managed resource group?

Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!