
Service Account Access granted still getting as User does not have USE SCHEMA on Schema

raghunathr
New Contributor III

Hi All, 

We have run into a scenario where Azure Data Factory is connecting to Azure Databricks through linkedServices,

where it's trying to connect with a System Assigned Managed Identity (SAMI).

The specific SAMI was added to compute and Unity Catalog for usage.

show grants `6b3xxxx-0xx9-4xx4-axx9-bxxxxxxbc` on schema dev.uef_db;

-----------------------------
Principal	                        ActionType	ObjectType	ObjectKey
6b3xxxx-0xx9-4xx4-axx9-bxxxxxxbc	USE SCHEMA	CATALOG	        dev

But still, when we try to query or execute any notebooks from ADF LinkedServices (compute/delta lake connector), we get:

User does not have USE SCHEMA on Schema 'dev.uef_db'. SQLSTATE: 42501

Any idea where we are missing permissions?

Thanks in Advance.

3 REPLIES

Retired_mod
Esteemed Contributor III

Hi @raghunathr, To resolve this, ensure the SAMI has the necessary permissions on both the Databricks workspace and Unity Catalog, particularly the USE SCHEMA permission on dev.uef_db, and confirm it has the Contributor role in Databricks. Also, verify that the ADF linked service is configured to use SAMI for authentication, and consider granting additional permissions like SELECT, INSERT, UPDATE, and DELETE if needed. Finally, review Databricks access control to ensure proper SAMI access to compute resources and the Unity Catalog.

raghunathr
New Contributor III

Thanks @Retired_mod. We found the issue. The SAMI was given permission, but it was a managed and registered MI; instead of using the application/object ID we were using the MI directly. It's solved.

raghunathr
New Contributor III

We still have trouble with the external_storage location now.

That specific Managed Identity, which was added to the Databricks resource, now has everything needed for Unity Catalog DEV/Tables. But even though that SPN was added in the External Location, we are still getting this error:

py4j.protocol.Py4JJavaError: An error occurred while calling o513.load. : com.databricks.sql.managedcatalog.acl.UnauthorizedAccessException: PERMISSION_DENIED: User does not have READ FILES on External Location 'dev_raw_b002'.

Any idea where it's going wrong again? @Retired_mod
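
As an added example that is not part of the thread: a small Python audit of SHOW GRANTS-style rows, showing that grants match on the exact principal string, that a catalog-level row (like the one quoted in the first post) covers the schema by inheritance, and that READ FILES on an external location is a separate securable that catalog grants do not cover. It assumes Unity Catalog's inheritance model; the principal IDs, the table name `dev.uef_db.events`, all rows and the function names are constructed for illustration.

```python
# Added example: audit SHOW GRANTS-style rows for a required privilege chain.
# Rows are (principal, action, object_type, object_key); all values are constructed.

def scope_of(obj_type, key):
    """Return the securable plus the ancestors whose grants it inherits."""
    scope = {(obj_type, key)}
    parts = key.split(".")
    if obj_type == "TABLE":
        scope.add(("SCHEMA", ".".join(parts[:2])))
    if obj_type in ("TABLE", "SCHEMA"):
        scope.add(("CATALOG", parts[0]))
    # EXTERNAL LOCATION has no catalog parent, so catalog grants never reach it.
    return scope

def has_privilege(rows, principal, action, obj_type, key):
    """True if the exact principal holds the action directly or by inheritance."""
    scope = scope_of(obj_type, key)
    return any(
        p == principal and a in (action, "ALL PRIVILEGES") and (t, k) in scope
        for p, a, t, k in rows
    )

def missing(rows, principal, required):
    """List the required (action, object_type, object_key) entries not satisfied."""
    return [r for r in required if not has_privilege(rows, principal, *r)]

PRINCIPAL = "00000000-0000-0000-0000-000000000001"  # constructed ID the grants were made to
OTHER_ID = "00000000-0000-0000-0000-000000000002"   # constructed: another ID for the same identity

ROWS = [  # constructed sample, shaped like the SHOW GRANTS output in the first post
    (PRINCIPAL, "USE CATALOG", "CATALOG", "dev"),
    (PRINCIPAL, "USE SCHEMA", "CATALOG", "dev"),  # catalog-level, inherited by dev.uef_db
    (PRINCIPAL, "SELECT", "SCHEMA", "dev.uef_db"),
]
REQUIRED = [
    ("USE CATALOG", "CATALOG", "dev"),
    ("USE SCHEMA", "SCHEMA", "dev.uef_db"),
    ("SELECT", "TABLE", "dev.uef_db.events"),
    ("READ FILES", "EXTERNAL LOCATION", "dev_raw_b002"),
]

if __name__ == "__main__":
    for who in (PRINCIPAL, OTHER_ID):
        print(who, "is missing:", missing(ROWS, who, REQUIRED))
```

Running the same check against the identifier the job actually authenticates as, rather than the one the grants were typed against, separates a wrong-principal problem from a missing-grant problem.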
