
Models signature inaccessible in Unity Catalog

owlleg6
New Contributor III

I am using Unity Catalog to store my models. My Unity Catalog meta-store is hosted in an Azure Storage Account, which has public network access disabled. Access is restricted to certain IP ranges and private endpoint connections only.

Recently, my development team has noticed that the signatures of the models are inaccessible, although we can access every table, volume, etc., using the Private Endpoint connected to the Storage Account. Interestingly, if I open the Storage Account to the public network, the model signatures become accessible. Could you please explain why all folders within the Unity Catalog meta-store are accessible except for the 'models' folder?

7 REPLIES

owlleg6
New Contributor III

MicrosoftTeams-image (9).png

This exception is from mlflow when downloading an artifact.

owlleg6
New Contributor III

Hello, your moderators are deleting my previous replies. That's funny; something is not working properly. I am trying to find a solution, but you are deleting the posts.
So, the issue is with networking for sure, not with the permissions. Where can I raise a ticket? This is a critical issue for my team; we have to disable public access to the Storage Account.

Cheers

Rikard007
New Contributor II

We are facing the same issue. We can’t reconsider security setup since that is enforced by IT security. Does anyone have suggestions on how to resolve this issue so we can save and access the signatures from models stored in UC? 

lbdatauser
New Contributor II

I have the same problem. It must be a permissions issue. In my case, it happens when the models are under a schema that was created without indicating a specific "MANAGED LOCATION". In those cases, I also have problems trying to load a model. When the models are under a schema created with a particular "MANAGED LOCATION" all works ok for me.

owlleg6
New Contributor III

Fair point, but what if I don't want to use External Locations for Schemas where models will be stored? Why does the default Metastore location not allow accessing signatures?

myroslava
New Contributor II

Experiencing the same problem, when calling 

model_version_uri = "models:/catalog_name.schema_name.model_name/version"
first_version = mlflow.pyfunc.load_model(model_version_uri)
mlflow.store.artifact.cloud_artifact_repo: Failed to complete request, possibly due to credential expiration. Refreshing credentials and trying again...
 
My schema has MANAGED LOCATION but still - same problem. Did anybody succeed in fixing this?

myroslava
New Contributor II

Got the issue fixed:

The issue was with the Private Endpoint: we had a PE with the dfs sub-resource only, but mlflow uses blob, so when I created a PE with the blob sub-resource, the issue was fixed. (Also, a blob DNS zone and network link are needed.)
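
A way to confirm the fix in the last reply from a notebook or VM inside the VNet, added here as an example and not code from any poster or from Databricks: it resolves the dfs and blob hostnames of the storage account and reports which ones do not land on a private address. The account name is a placeholder, and treating an RFC 1918 address as "reached through the private endpoint" is an assumption about the VNet's address space.

```python
import ipaddress
import socket

# Sub-resources named in the thread: the existing private endpoint covered
# dfs only, while MLflow model artifacts were fetched through blob.
SUBRESOURCES = ("dfs", "blob")

# Assumption: private endpoint NICs get addresses from RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolve(host):
    """Return the set of IPv4 addresses the local resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, 443, family=socket.AF_INET,
                                   proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_private_endpoints(account, resolver=resolve):
    """Map each sub-resource to 'private', 'public' or 'unresolved'."""
    report = {}
    for sub in SUBRESOURCES:
        addrs = resolver(f"{account}.{sub}.core.windows.net")
        if not addrs:
            report[sub] = "unresolved"
        elif all(any(ipaddress.ip_address(a) in net for net in RFC1918)
                 for a in addrs):
            report[sub] = "private"
        else:
            # Name resolves to a public address: no private endpoint, or the
            # privatelink DNS zone is not linked to this VNet.
            report[sub] = "public"
    return report


def missing_private_endpoints(report):
    """Sub-resources that would be blocked with public access disabled."""
    return sorted(sub for sub, state in report.items() if state != "private")


if __name__ == "__main__":
    # "examplestorageacct" is a placeholder, not a name from the thread.
    result = check_private_endpoints("examplestorageacct")
    print(result, "missing:", missing_private_endpoints(result))
```

A result of `missing: ['blob']` matches the situation described in the thread: tables and volumes work, while model artifacts fail once public network access is disabled.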
