cancel
Showing results forย 
Search instead forย 
Did you mean:ย 
Get Started Discussions
Start your journey with Databricks by joining discussions on getting started guides, tutorials, and introductory topics. Connect with beginners and experts alike to kickstart your Databricks experience.
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

Deny assignment modification to allow attach/detach of disks in azure databricks

Lucidity
New Contributor II

Our application does storage autoscaling on Azure. We would like to deploy our solution with Azure databricks. But even though the service principal associated with our application has the necessary roles and permissions to attach/detach a disk from a VM, its unable to do because of the deny assignment created by databricks on azure. Is there a way to modify the deny assignment or get the service principal associated with our appplication in the exludePrincipal section of the deny assignment.

If this is not possible, does databricks itself provides api's to attach / detach a disk from a VM

1 ACCEPTED SOLUTION

Accepted Solutions

Ayushi_Suthar
Databricks Employee
Databricks Employee

Hi @Lucidity , Thanks for bringing up your concerns, always happy to help ๐Ÿ˜

According to the provided information, it seems that you are attempting to modify the disk resources. However, access is being denied due to a deny assignment. This denial is occurring because the resources are within a managed resource group (MRG). When attempting to make changes to a managed resource group or its associated resources, users encounter system deny assignment errors.

Under a managed resource group, users have restricted access. These MRGs are established during workspace creation and are under the control of Databricks management. No alterations or modifications can be applied to the MRG itself or the resources within it.

Please refer this document for the more details: https://learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments

Please let me know if this helps and leave a like if this helps, followups are appreciated.
Kudos
Ayushi

View solution in original post

2 REPLIES 2

Ayushi_Suthar
Databricks Employee
Databricks Employee

Hi @Lucidity , Thanks for bringing up your concerns, always happy to help ๐Ÿ˜

According to the provided information, it seems that you are attempting to modify the disk resources. However, access is being denied due to a deny assignment. This denial is occurring because the resources are within a managed resource group (MRG). When attempting to make changes to a managed resource group or its associated resources, users encounter system deny assignment errors.

Under a managed resource group, users have restricted access. These MRGs are established during workspace creation and are under the control of Databricks management. No alterations or modifications can be applied to the MRG itself or the resources within it.

Please refer this document for the more details: https://learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments

Please let me know if this helps and leave a like if this helps, followups are appreciated.
Kudos
Ayushi

Lucidity
New Contributor II

Thank you for your reply

Is there any way databricks provides to bypass the deny assignment for specific apps? I noticed in the deny assignment unity-catalog-access-connector has been provided exlusion under the excludePrincipals section. is there a way to get our application also excluded from the deny assignment?

Are you aware of any API's databricks provides to attach / detach disks from a VM part of databricks cluster part of managed resource group?


Apart from this, would be really helpful if you can suggest any other alternatives

thanks 

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group