question

fmms avatar image
1 Vote"
fmms asked fmms commented

Azure Synapse Studio - Browsing a VNet isolated Data Lake

Hi,

I want to use Synapse Studio to access a data lake that is in a VNet. For this I have created a workspace with the Managed VNet option. For the pipelines within Synapse this works well. I can preview files on the data lake.

However, the file system browser that is integrated in the Synapse Studio does not leverage the Integration Runtime that is configured in its linked service.
79764-image.png

As a result it is not working at all.
79783-image.png

Are there any tricks to make that happen?

Thanks alot

azure-synapse-analyticsazure-data-lake-storage
image.png (75.9 KiB)
image.png (91.5 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I'm having EXACTLY the same issue, including the fact that the role assignment in the storage account and the private endpoints are already created.
It doesn't seem to work when the storage account is restricted to a specific vnet.

1 Vote 1 ·

1 Answer

PRADEEPCHEEKATLA-MSFT avatar image
0 Votes"
PRADEEPCHEEKATLA-MSFT answered fmms commented

Hello @fmms,

Welcome to the Microsoft Q&A platform.

To resolve this issue, you need to have proper rights to access on the Storage Account.

Easiest way is to grant Storage Blob Data Contributor role to the Managed identity name fmsynwsp you're trying to access.

Go to storage account => Access Control (IAM) => Add => Add role assignment => Select Role Storage Blob Data Contributor => Select Managed identity name fmsynwsp and click on save.

80089-image.png

For more details, refer:

Visit full guide on Azure Active Directory access control for storage for more information

Visit Control storage account access for serverless SQL pool in Azure Synapse Analytics.

Note: Before you create a linked service, click on Test connection button to verify the connection.

80119-image.png

Once you had granted permission on the storage account, you will be able to access the storage account in synapse workspace.

80090-image.png

Hope this helps. Do let us know if you any further queries.


Please don’t forget to Accept Answer and Up-Vote wherever the information provided helps you, this can be beneficial to other community members.




image.png (160.8 KiB)
image.png (65.5 KiB)
image.png (74.6 KiB)
· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

thanks for the answer. @PRADEEPCHEEKATLA-MSFT

Though I cannot reproduce this at the moment.

Can you please confirm that your storage account is just accessible from VNet:
80252-image.png

I have validated with LogAnalytics, that this is an IP error, rather than the plain Azure Storage Contributor which i do have:
80234-image.png

Moreover, could you please validate that your browser is not talking to the storage account client side, mine seems to be:
80215-image.png

Thanks alot


0 Votes 0 ·
image.png (38.4 KiB)
image.png (42.2 KiB)
image.png (61.9 KiB)

Hello @fmms,

Have you tried granting Storage Blob Data Contributor role to the Managed identity name fmsynwsp you're trying to access?

0 Votes 0 ·
fmms avatar image fmms PRADEEPCHEEKATLA-MSFT ·

For sure I did:
80828-image.png

There is no problem with permissions on the blob.
My issue is that even though there is an interactive authoring runtime configured on the runtime of the linked service, it is still my browser sending a client side request.

0 Votes 0 ·
image.png (59.5 KiB)
Show more comments