rebremer, thanks for sharing. But were you reading data from SQLPool with managed identities on the notebook and db_datareader failed? Is that what happened? Or were you trying to read the data from the pipeline and the permission was not enough?
Johannes_Vink - I forgot to add more information about your question:
There are limitations for managed identities on SQL Pool, documented here:
https://docs.microsoft.com/en-us/sql/t-sql/statements/copy-into-transact-sql?view=azure-sqldw-latest
But the syntax would be like: spark.read.option("useAzureMSI","true"). Anyway, there is some discussion about this here: https://github.com/MicrosoftDocs/azure-docs/issues/45261 and they updated the docs here: https://docs.microsoft.com/en-us/azure/databricks/data/data-sources/azure/synapse-analytics
Alternatively, if you use ADLS Gen2 + OAuth 2.0 authentication or your Azure Synapse instance is configured to have a Managed Service Identity (typically in conjunction with a VNet + Service Endpoints setup), you must set useAzureMSI to true. In this case the connector will specify IDENTITY = 'Managed Service Identity' for the database scoped credential and no SECRET.