Notebook - This request is not authorized to perform this operation. , 403
Published Sep 28 2020 02:59 AM
Microsoft

This is a quick post about this failure and how to fix it:
Error: org.apache.spark.sql.AnalysisException: java.lang.RuntimeException: The operation failed: 'This request is not authorized to perform this operation.', 403

 

First, let's add some context:

 

When you work in a Synapse workspace with its managed identity, you need to grant the Storage Blob Data Contributor role to the workspace, which is the principal that represents the managed identity:

https://docs.microsoft.com/en-us/azure/synapse-analytics/security/how-to-grant-workspace-managed-ide...

More information here: https://docs.microsoft.com/en-us/azure/synapse-analytics/security/synapse-workspace-managed-identity

 

Speaking of managed identities, a quick review: "A common challenge when building cloud applications is how to manage the credentials in your code for authenticating to cloud services. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code."

More here: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview?...

 

So there you are, with the managed identity permissions granted on your workspace, running a notebook to create a database on Spark.

Note that you are the one running the notebook in Synapse Studio, and you are not supplying any credentials because you are working inside the Synapse workspace:

%%spark
spark.sql("CREATE DATABASE IF NOT EXISTS nyctaxi")

It fails:

Error: org.apache.spark.sql.AnalysisException: java.lang.RuntimeException: Operation failed: "This request is not authorized to perform this operation using this permission.", 403, HEAD, https://StorageAccountName.dfs.core.windows.net/ContainerName/tmp/hive?upn=false&action=getStatus&ti...;

Solution:

Assign the RBAC role Storage Blob Data Contributor to the user that is running the notebook, or your user.

Steps here: https://docs.microsoft.com/en-us/azure/synapse-analytics/security/how-to-grant-workspace-managed-ide... (Grant permissions to managed identity after workspace creation)
 
In this case, the script runs under the identity of the user who is executing the notebook, not under the workspace managed identity. So this user needs the permission as well.
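As an added example (not code from the original post): a small Python helper that parses the ABFS error text shown above to recover the storage account and container, then builds the `az role assignment create` call granting the notebook user Storage Blob Data Contributor. The container-level scope, the sample error text, and the user, subscription and resource group values are assumptions made for this example.

```python
import re
import shlex
from urllib.parse import urlsplit

# Shape of the ABFS driver message quoted in the post:
#   Operation failed: "<message>", <status>, <HTTP method>, <URL>
ABFS_ERROR = re.compile(
    r'Operation failed: "(?P<message>[^"]*)", (?P<status>\d{3}), '
    r'(?P<method>[A-Z]+), (?P<url>https://\S+)'
)
ROLE = "Storage Blob Data Contributor"

# Constructed sample (account and container names are made up).
SAMPLE = (
    'org.apache.spark.sql.AnalysisException: java.lang.RuntimeException: '
    'Operation failed: "This request is not authorized to perform this '
    'operation using this permission.", 403, HEAD, '
    'https://examplestorage.dfs.core.windows.net/examplecontainer/tmp/hive'
    '?upn=false&action=getStatus;'
)


def parse_abfs_error(text):
    """Return the fields of an ABFS 'Operation failed' message, or None."""
    m = ABFS_ERROR.search(text)
    if m is None:
        return None
    url = urlsplit(m["url"].rstrip(";"))
    host = url.hostname or ""
    if not host.endswith(".dfs.core.windows.net"):
        return None
    container, _, path = url.path.lstrip("/").partition("/")
    return {"status": int(m["status"]), "method": m["method"],
            "account": host.split(".")[0], "container": container,
            "path": path}


def role_assignment_command(err, user, subscription, resource_group):
    """Build the az CLI call that grants `user` the role on the container."""
    if err is None or err["status"] != 403:
        raise ValueError("not a 403 from an ADLS Gen2 endpoint")
    # Assumption: container scope (narrower than the whole storage account).
    scope = (f"/subscriptions/{subscription}/resourceGroups/{resource_group}"
             f"/providers/Microsoft.Storage/storageAccounts/{err['account']}"
             f"/blobServices/default/containers/{err['container']}")
    return shlex.join(["az", "role", "assignment", "create", "--assignee",
                       user, "--role", ROLE, "--scope", scope])
```

Call `role_assignment_command(parse_abfs_error(SAMPLE), ...)` with the signed-in user's UPN or object ID; a new role assignment can take a few minutes to take effect before the notebook cell succeeds.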
 
 
That is it!
Liliam Uk Engineer.

Last update: Sep 28 2020 02:58 AM