Synapse Workspace Permission Error
Published May 18 2020 06:55 AM 9,175 Views

With the release of Synapse Workspaces we have a new set of permissions to deal with allowing users access to the Synapse Workspace as well as the resources within the workspace.  


Following the step by step instructions which are provided here  users still have problems accessing the workspace and receive the following exception "You need permission to access workspace" 



Resolution :

Confirm that your client breakout IP address has been granted access to the Workspace in the firewall blade of the Workspace in the Azure Portal. Firewall rules govern access to the workspace and will be reported as Permission Error while attempting to access the workspace.   


WorkspaceFW Rules.PNG

In the event that you created the workspace via ARM template please follow the guidelines as documented here. The instructions will guide you through granting Storage Blob permissions for the Managed Identity.


In Powershell or Cloudshell Execute the following. 

$identity=$(az synapse workspace show --name {workspace name} --resource-group {resource group name} --query "identity.principalId").
az role assignment create --role "Storage Blob Data Contributor" --assignee-object-id {identity } --scope {storage account resource id}.
az synapse firewall-rule create --name allowAll --start-ip-address --end-ip-address


Version history
Last update:
‎Sep 25 2020 10:32 AM
Updated by: