cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Cannot create vnet peering on Azure Databricks

zerodarkzone
New Contributor III

‎04-05-2024 02:53 PM

Hi,

I'm trying to create a VNET peering using to SAP hana using the default VNET created by databricks but it is not possible.

I'm getting the following error

No se pudo agregar el emparejamiento de red virtual "PeeringSAP" a "workers-vnet". Error: El cliente "" con el id. de objeto "" tiene permiso para realizar la acción "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write" en el ámbito "RG-DATADEM-BRICKS/providers/Microsoft.Network/virtualNetworks/workers-vnet/virtualNetworkPeerings/PeeringSAP'>workers-vnet/PeeringSAP"; sin embargo, se ha denegado el acceso debido a la asignación de denegación con el nombre "System deny assignment created by Azure Databricks /subscriptions/c267dfb6-05fb-/resourceGroups/RG-DATADEM/providers/Microsoft.Databricks/workspaces/DATADEM-WORKSPACE" y el id. "53b5b7cc6c2e4" en el ámbito "/subscriptions/c267dfb6-05fb-4e7e-8c16/resourceGroups/RG-DATADEM-BRICKS"

 

It lookks like the user doesn't have permissions to create a VNET peering on the databricks created resource group. But according to the documentation. This should be possible.

 

0 Kudos
2 REPLIES 2

Kaniz_Fatma
Community Manager
Community Manager

‎04-07-2024 10:44 PM

Hi @zerodarkzone

  • Ensure that the user has the necessary permissions to manage network resources. Specifically, they should have the permission to perform the action "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write" within the scope of the resource group where Databricks is deployed.
  • The denial of access is related to an assignment named “System deny assignment created by Azure Databricks.”
  • Check if there are any custom policies or role assignments that might conflict with the VNET peering operation.
  • Review the permissions assigned to the user and verify that there are no conflicting deny assignments.
  • Sometimes, connectivity issues can prevent successful VNET peering.
  • Ensure that both the Databricks workspace and SAP HANA are correctly configured within their respective VNets.
  • Check if there are any network security groups (NSGs) or route tables affecting communication between the VNets.
0 Kudos

zerodarkzone
New Contributor III
In response to Kaniz_Fatma

‎04-08-2024 06:55 AM

The the user who is trying to do the peering is an Owner in the Azure account so he should have all the necessary permisions. It looks like the problem is because a deny assigment created by Azure databricks on the managed VNet.

Is it possible to do a VNet peering when the databricks Vnet is created inside the Databricks Managed resource group?

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements