Notebook - This request is not authorized to perform this operation. , 403

Published Sep 28 2020 02:59 AM 6,587 Views

This a quick post about this failure and how to fix: Error: org.apache.spark.sql.AnalysisException: java.lang.RuntimeException:
The operation failed: 'This request is not authorized to perform this operation.', 403


First, let's just add some context : 


When you are working on synapse workspace with the managed identity you would need to give Storage Blob Data contributor permission to the workspace that represents the managed identity permission:

More information here:


Speaking of managed identities -quick review on it: "A common challenge when building cloud applications is how to manage the credentials in your code for authenticating to cloud services. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code."

More here:


So there you are with your workspace with the managed identity permissions granted running a notebook to create a database on Spark.

Note you are the one running the notebook on Synapse Studio and you are not using any credentials as you are under Synapse workspace:






spark.sql("CREATE DATABASE IF NOT EXISTS nyctaxi")






It fails:
Error : org.apache.spark.sql.AnalysisException: java.lang.RuntimeException: Operation failed: "This request is not authorized to perform this operation using this permission.", 403, HEAD,;
Add the RBAC Storage Blob Data Contributor to the user that is running the notebook, or your user.
Steps here: (Grant permissions to managed identity after workspace creation)
In this case, the script is running under the user that is executing the notebook. So this user needs permission as well.
That is it!
Liliam Uk Engineer.



Hi @Liliam_Leme 

I have assigned following permissions:

  1. Myself and Synapse identity as Storage Blob Contributor
  2. Myself as Synapse Admin
  3. Added Myself and Synapse identity to ACL with Read, Write and Execute permissions on container

Still I'm getting this error




Hi,@GauravKhattar  do you have Vnet enable? is the error the same with or without the firewall?  Is this storage account on the same subscription? Can you connect on it with the Synapse linked server? is Synapse configured to pass through the firewall ( if it is enabled)? Connect to a secure storage account from your Azure Synapse workspace - Azure Synapse Analytics | Mi...

Did you create this workspace on top of SQLDW ( former). If that is the case, can you try to add a private endpoint?

Version history
Last update:
‎Sep 28 2020 02:58 AM
Updated by: