
Service Account Access granted still getting as User does not have USE SCHEMA on Schema

raghunathr
New Contributor III

Hi All, 

We have run into a scenario where Azure Data Factory is connecting to Azure Databricks through linkedServices, 

where it's trying to connect with a System Assigned Managed Identity (SAMI). 

The specific SAMI was added to compute and Unity Catalog for usage.

show grants `6b3xxxx-0xx9-4xx4-axx9-bxxxxxxbc` on schema dev.uef_db;

-----------------------------
Principal	                        ActionType	ObjectType	ObjectKey
6b3xxxx-0xx9-4xx4-axx9-bxxxxxxbc	USE SCHEMA	CATALOG	        dev

But still, when we try to query or execute any notebooks from ADF LinkedServices (compute/delta lake connector), we get:

User does not have USE SCHEMA on Schema 'dev.uef_db'. SQLSTATE: 42501

Any idea where we are missing permissions?

Thanks in Advance.

1 ACCEPTED SOLUTION

Accepted Solutions

Kaniz_Fatma
Community Manager

Hi @raghunathr, To resolve this, ensure the SAMI has the necessary permissions on both the Databricks workspace and Unity Catalog, particularly the USE SCHEMA permission on dev.uef_db, and confirm it has the Contributor role in Databricks. Also, verify that the ADF linked service is configured to use SAMI for authentication, and consider granting additional permissions like SELECT, INSERT, UPDATE, and DELETE if needed. Finally, review Databricks access control to ensure proper SAMI access to compute resources and the Unity Catalog.


3 REPLIES

raghunathr
New Contributor III

Thanks @Kaniz_Fatma. We found the issue. The SAMI was given permission, but it was a managed and registered MI; instead of using the application/object ID, we were using the MI directly. It's solved.

raghunathr
New Contributor III

We still have trouble with the external_storage location now. 

That specific Managed Identity, which was added to the Databricks resource, now has everything needed for Unity Catalog DEV/Tables. But even in the External Location, where that SPN was added, we are still getting this error:

py4j.protocol.Py4JJavaError: An error occurred while calling o513.load. : com.databricks.sql.managedcatalog.acl.UnauthorizedAccessException: PERMISSION_DENIED: User does not have READ FILES on External Location 'dev_raw_b002'.

Any idea where it's going wrong again? @Kaniz_Fatma 
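
The privilege chain behind the two errors in this thread, as an added example that is not part of the original posts: it grants the minimum read path and then checks it against the principal the session actually runs as. The placeholder `<sami-application-id>` is hypothetical, and the example assumes the managed identity is registered in Databricks as a service principal that Unity Catalog references by its application ID.

```sql
-- Added example. <sami-application-id> is a placeholder, not a value from the thread.
-- Assumption: Unity Catalog identifies the service principal by its application ID,
-- written in backticks, not by the managed identity's display name.

-- 1. Traversal privileges: needed on the parent catalog and on the schema
--    before any object inside the schema can be used.
GRANT USE CATALOG ON CATALOG dev TO `<sami-application-id>`;
GRANT USE SCHEMA ON SCHEMA dev.uef_db TO `<sami-application-id>`;

-- 2. Data privilege, scoped to the one schema and read-only.
--    Add write privileges only if the pipeline really writes.
GRANT SELECT ON SCHEMA dev.uef_db TO `<sami-application-id>`;

-- 3. Path-based reads go through the external location named in the second error.
GRANT READ FILES ON EXTERNAL LOCATION dev_raw_b002 TO `<sami-application-id>`;

-- 4. Verify each level for that exact principal string.
SHOW GRANTS `<sami-application-id>` ON CATALOG dev;
SHOW GRANTS `<sami-application-id>` ON SCHEMA dev.uef_db;
SHOW GRANTS `<sami-application-id>` ON EXTERNAL LOCATION dev_raw_b002;

-- 5. Run this inside the notebook or query that ADF triggers and compare the
--    result with the principal used in the grants above. A mismatch means the
--    grants were given to a different identity than the one ADF authenticates as.
SELECT current_user();
```

If step 5 returns a different identifier than the one in the `SHOW GRANTS` output, the grants are in place but attached to the wrong principal, which matches the resolution reported earlier in the thread.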
