cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Governance
Join discussions on data governance practices, compliance, and security within the Databricks Community. Exchange strategies and insights to ensure data integrity and regulatory compliance.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Models signature inaccessible in Unity Catalog

owlleg6
New Contributor III

‎11-12-2023 02:49 AM

I am using Unity Catalog to store my models. My Unity Catalog meta-store is hosted in an Azure Storage Account, which has public network access disabled. Access is restricted to certain IP ranges and private endpoint connections only.

Recently, my development team has noticed that the signatures of the models are inaccessible, although we can access every table, volume, etc., using the Private Endpoint connected to the Storage Account. Interestingly, if I open the Storage Account to the public network, the model signatures become accessible. Could you please explain why all folders within the Unity Catalog meta-store are accessible except for the 'models' folder?

Preview file
26 KB
Preview file
369 KB
7 REPLIES 7

owlleg6
New Contributor III

‎11-12-2023 12:55 PM

MicrosoftTeams-image (9).png

This exception from mlflow when downloading artifact

owlleg6
New Contributor III
In response to Retired_mod

‎01-02-2024 03:03 AM

Hello, your moderators are deleting my previous replies, that's funny something is not working properly, i am trying to find out the solution but you are deleting the posts.
So, the issue is with a networking for sure, not with the permissions. Where can i raise a ticket? This is critical issue for my team, we have to disable public access to Storage Account.

Cheers

0 Kudos

Rikard007
New Contributor II

‎12-21-2023 01:23 PM

We are facing the same issue. We can’t reconsider security setup since that is enforced by IT security. Does anyone have suggestions on how to resolve this issue so we can save and access the signatures from models stored in UC? 

0 Kudos

lbdatauser
New Contributor II

‎01-12-2024 10:28 AM

I have the same problem. It must be a permissions issue. In my case, it happens when the models are under a schema that was created without indicating a specific "MANAGED LOCATION". In those cases, I also have problems trying to load a model. When the models are under a schema created with a particular "MANAGED LOCATION" all works ok for me.

0 Kudos

owlleg6
New Contributor III
In response to lbdatauser

‎02-28-2024 03:36 AM

Fair point, what if i don't want to use External Locations for Schemas where models will be stored? Why default Metastore location does not allow accessing signatures.

0 Kudos

myroslava
New Contributor II

3 weeks ago

Experiencing the same problem, when calling 

model_version_uri = "models:/catalog_name.schema_name.model_name/version"
first_version = mlflow.pyfunc.load_model(model_version_uri)
mlflow.store.artifact.cloud_artifact_repo: Failed to complete request, possibly due to credential expiration. Refreshing credentials and trying again...
 
My schema has MANAGED LOCATION but still - same problem. Did anybody succeed in fixing this?
0 Kudos

myroslava
New Contributor II

2 weeks ago

Got issue fixed:

The issue was with Private Endpoint: we had PE with dfs sub-resource only, but mlflow uses blob, so when I created PE with blob sub-resource - the issue was fixed. (also blob DNS zone and network link is needed)

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements