Synapse external table "Unauthorized"

Question

question

Aymon asked May 6, '22 SumanthMarigowda-MSFT edited Jun 5, '22

Synapse external table "Unauthorized"

I have created an external table in Azure Synapse from a parquet file stored in an ADLS Gen2 container. I have used the following queries to create the datasource, the file format and the table:

 GRANT REFERENCES ON CREDENTIAL::[https://XXXXX.dfs.core.windows.net/XXXXXXX] TO demoiics
    
 IF NOT EXISTS (SELECT * FROM sys.external_file_formats WHERE name = 'SynapseParquetFormat') 
     CREATE EXTERNAL FILE FORMAT [SynapseParquetFormat] 
     WITH ( FORMAT_TYPE = PARQUET)
 GO
    
 IF NOT EXISTS (SELECT * FROM sys.external_data_sources WHERE name = 'XXXXX_XXXX_dfs_core_windows_net') 
     CREATE EXTERNAL DATA SOURCE [XXXXX_XXXXX_dfs_core_windows_net] 
     WITH (
         LOCATION = 'abfss://XXXXXX@XXXXXX.dfs.core.windows.net',
         CREDENTIAL = [https://XXXXX.dfs.core.windows.net/XXXXXXX]
     )
 GO
    
 CREATE EXTERNAL TABLE XXXXXX.e_dim_channel3 (
     [infa_operation_time] nvarchar(4000),
     [channel_key] bigint,
     [channel_name] nvarchar(4000)
     )
     WITH (
     LOCATION = 'contososales_f_dim_channel/**',
     DATA_SOURCE = [XXXXX_XXXX_dfs_core_windows_net],
     FILE_FORMAT = [SynapseParquetFormat]
     )
 GO

The file is in a Container that allows anonymous access:

Anyway, I have added the database user as a "Storage blob data contributor" (And "data reader", just in case) in the storage account:

The problem is that it is not possible to query the data of the external tables from external clients, such as "SQL Server Management Studio", we always receive the same error:

 External table 'XXXXXX.e_dim_channel3' is not accessible because content of directory cannot be listed.

Any idea?

Thanks.

azure-synapse-analytics azure-data-lake-storage

image.png (10.9 KiB)

image.png (4.6 KiB)

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2022-05-06T11:36:47.393Z

ShaikMaheer-MSFT answered May 6, '22 ShaikMaheer-MSFT commented May 19, '22

Hi @Aymon,

Thank you for posting query in Micrsoft Q&A Platform.

While we try to execute query in external table behind the scenes database scoped credential object which we created in data source will get use to access data from external storage. So, its important to have credential object created with proper credentials.

Also, User must have SELECT permission on an external table to read the data. External tables access underlying Azure storage using the database scoped credential defined in data source using the following rules:

Data source without credential enables external tables to access publicly available files on Azure storage.
Data source can have a credential that enables external tables to access only the files on Azure storage using SAS token or workspace Managed Identity - For examples, see the Develop storage files storage access control article.

So could you please make sure you have created credential object with proper credentials and also user has select permission on external table?

Kindly consider checking below videos to understand more about data sources, credential objects, file formats and external tables.

Hope this helps. Please let us know if any further queries. Thank you.

Please consider hitting Accept Answer button. Accepted answers help community as well.

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ShaikMaheer-MSFT · May 19 at 03:46 PM

Hi @Aymon,

Just checking in to see if the above answer helped. If this answers your query, do click and upvote for the same. And, if you have any further query do let us know.

0 ·

question