Following this lab: Lab: Serverless Synapse - From Spark to SQL On Demand - Microsoft Tech Community
You may experience this message:
Failed to execute the query because content of directory cannot be listed)
This is due to an extra step required to enable the AAD to pass through the firewall on the storage.
Query SQL Serverless failed as following while querying Spark.
On Azure Portal, Storage Account -> Networking is configured as follows ( with Allow trusted Microsoft services to access this account enabled):
If you change to All Networks it does work successfully.
Mitigation: Enable the AAD to pass through the firewall on the storage.
Microsoft Doc: Control storage account access for serverless SQL pool - Azure Synapse Analytics | Microsoft Docs
Run the following-> exactly like this example but replace the values as required:
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $accountName -TenantId $tenantId -ResourceId "/subscriptions/<subscriptionid>/resourcegroups/<rgname>/providers/Microsoft.Synapse/workspaces/<workspacename>"
1) For the Tenant ID you can get the value from the Azure Portal ->AAD
2) Note you may need to install Power Shell version 3 like my example:
(PowerShell Gallery | Az.Storage 3.0.1-preview)
Thanks to Stefan Azaric.
That is it!
Another option is to set up the data source for the external table to use the Synapse Managed Identity. This way you can then secure the external table using GRANT statements on the external table and have Synapse request the data from the Data Lake.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.