Unity Catalog storage credential fails although same Access Connector works in another credential
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2026 06:39 PM
In Azure Databricks Unity Catalog, I have two storage credentials that use the same connector_id / Azure Databricks Access Connector.
One credential works and can access ADLS Gen2 successfully, but the other fails with:
Both credentials appear to reference the same Access Connector. I have checked that the working credential can read/list/write the ADLS Gen2 path.
What could cause one Unity Catalog storage credential to work while another credential using the same Access Connector fails?
- Labels:
-
Spark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-28-2026 03:20 AM
I've never used this scenario before so I just tested the exact same scenario and it works correctly with two storage credentials using the same Access Connector:
cred1 → ext_1: abfss://data-test@data_test_storage.dfs.core.windows.net/path1/
cred2 → ext_2: abfss://data-test@data_test_storage.dfs.core.windows.net/path2/
Key points from my successful test:
- Same storage account + container (data-test@data_test_storage.
- Same Access Connector with Storage Blob Data Contributor role on entire storage account (not just container level)
- No path overlap between path1/ and path2/
- Same ADLS Gen2, same permissions, same workspace
Questions for troubleshooting your issue:
- Is the Access Connector permission assigned at storage account scope or just container level?
- Are both credentials using the exact same ADLS Gen2 storage account?
- Does cred_2 appear grayed out in Catalog Explorer (indicating workspace binding issue)?
- An most important Is this a privatized environment? If you have firewall enabled on the storage account, it can block access because the Access Connector can't reach from the matching network you're using to access this storage.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2026 06:53 AM
Hi @kcyugesh
It might also be worth checking the privileges associated with each credential to see if they differ.
And secondly check the credential type on the credential, as a manaded identity in comparison to a service principle could have different Azure IAM grants for the the storage container.
