
Cannot create vnet peering on Azure Databricks

zerodarkzone
New Contributor III

Hi,

I'm trying to create a VNET peering to SAP HANA using the default VNET created by Databricks, but it is not possible.

I'm getting the following error:

No se pudo agregar el emparejamiento de red virtual "PeeringSAP" a "workers-vnet". Error: El cliente "" con el id. de objeto "" tiene permiso para realizar la acción "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write" en el ámbito "RG-DATADEM-BRICKS/providers/Microsoft.Network/virtualNetworks/workers-vnet/virtualNetworkPeerings/PeeringSAP'>workers-vnet/PeeringSAP"; sin embargo, se ha denegado el acceso debido a la asignación de denegación con el nombre "System deny assignment created by Azure Databricks /subscriptions/c267dfb6-05fb-/resourceGroups/RG-DATADEM/providers/Microsoft.Databricks/workspaces/DATADEM-WORKSPACE" y el id. "53b5b7cc6c2e4" en el ámbito "/subscriptions/c267dfb6-05fb-4e7e-8c16/resourceGroups/RG-DATADEM-BRICKS"

 

It looks like the user doesn't have permissions to create a VNET peering on the Databricks-created resource group. But according to the documentation, this should be possible.

 

2 REPLIES

Kaniz_Fatma
Community Manager

Hi @zerodarkzone

  • Ensure that the user has the necessary permissions to manage network resources. Specifically, they should have the permission to perform the action "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write" within the scope of the resource group where Databricks is deployed.
  • The denial of access is related to an assignment named “System deny assignment created by Azure Databricks.”
  • Check if there are any custom policies or role assignments that might conflict with the VNET peering operation.
  • Review the permissions assigned to the user and verify that there are no conflicting deny assignments.
  • Sometimes, connectivity issues can prevent successful VNET peering.
  • Ensure that both the Databricks workspace and SAP HANA are correctly configured within their respective VNets.
  • Check if there are any network security groups (NSGs) or route tables affecting communication between the VNets.

The user who is trying to do the peering is an Owner in the Azure account, so he should have all the necessary permissions. It looks like the problem is because of a deny assignment created by Azure Databricks on the managed VNet.

Is it possible to do a VNet peering when the Databricks VNet is created inside the Databricks managed resource group?
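
Added example, not part of the thread and not Databricks or Microsoft code: a simplified Python model of how an Azure deny assignment like the one named in the error is evaluated, showing why an Owner role still cannot write the peering. The deny assignment's contents, the ids, the resource paths and the helper names are constructed assumptions.

```python
from fnmatch import fnmatchcase

EVERYONE = "00000000-0000-0000-0000-000000000000"  # Azure's "All Principals" id
PEERING_WRITE = "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write"

# Constructed sample, simplified from the denyAssignments object shape.
# SUB-ID, MANAGED-RG, the action lists and the excluded id are placeholders.
SAMPLE_DENY = {
    "name": "System deny assignment created by Azure Databricks",
    "scope": "/subscriptions/SUB-ID/resourceGroups/MANAGED-RG",
    "permissions": [{"actions": ["*"], "notActions": ["*/read"]}],
    "principals": [EVERYONE],
    "excludePrincipals": ["databricks-rp-object-id"],
}

def matches(action, patterns):
    # Action strings are case-insensitive and may contain '*' wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def in_scope(resource_id, scope):
    # A deny assignment applies to its scope and everything beneath it.
    r, s = resource_id.lower().rstrip("/"), scope.lower().rstrip("/")
    return r == s or r.startswith(s + "/")

def denied_by(deny, principal_id, action, resource_id):
    if not in_scope(resource_id, deny["scope"]):
        return False
    if principal_id in deny["excludePrincipals"]:
        return False
    if EVERYONE not in deny["principals"] and principal_id not in deny["principals"]:
        return False
    return any(
        matches(action, p["actions"]) and not matches(action, p.get("notActions", []))
        for p in deny["permissions"]
    )

def is_allowed(role_actions, denies, principal_id, action, resource_id):
    # Deny assignments are checked first and win over any role assignment,
    # including Owner ("*"). role_actions is assumed to apply at resource_id.
    if any(denied_by(d, principal_id, action, resource_id) for d in denies):
        return False
    return matches(action, role_actions)

MANAGED_VNET = ("/subscriptions/SUB-ID/resourceGroups/MANAGED-RG/providers/"
                "Microsoft.Network/virtualNetworks/workers-vnet")
OWN_VNET = ("/subscriptions/SUB-ID/resourceGroups/MY-RG/providers/"
            "Microsoft.Network/virtualNetworks/my-vnet")
```

With this model, an Owner is refused the peering write on the managed VNet but allowed the same action on a VNet in a resource group the deny assignment does not cover.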
