I have linked a github repo to an Azure synapse account, and all the resources, pipelines, data flows, etc are successfully committed in ARM files in the repo
However, when another developer tries to access this synapse workspace he gets the following error "Retrieve GitHub Access Token - The personal access token is invalid. Please provide a valid token"
When he logs into github through synapse, he is never prompted to enter his PAT. He has full ownership rights on the github repo and is an admin on the Azure subscription and owner of the synapse workspace
We figured this out with help from Microsoft support - turns out it was nothing to do with personal access tokens and was just a permissions issue in Azure, when I made the other developer a Synapse Administrator.
The key was to make him a Synapse Administrator from within the workspace itself (under the manage tab) as opposed to an owner of the workspace, set within Azure portal:
Related
Trying to create a Metastore for manage identity incorporating in Azure Databricks but the data tab only shows create table.
Per the documentation, it should be there. Also, I have created the databricks service and have azure contributor role.
I am an admin to the Databricks workspace. Is it unavailable on Azure?
Well, you don't give details about your environment, so I just can give some ideas about what is missing.
First, change the environment to "SQL" (click on "Data Science & Engineering" menu at the top left)
Second, do you have all the requirements? The requirements are here: https://learn.microsoft.com/en-us/azure/databricks/data-governance/unity-catalog/get-started#requirements
I think do you missing this permission here:
*You must be an Azure Databricks account admin.
The first Azure Databricks account admin must be an Azure Active Directory Global Administrator at the time that they first log in to the Azure Databricks account console. Upon first login, that user becomes an Azure Databricks account admin and no longer needs the Azure Active Directory Global Administrator role to access the Azure Databricks account. The first account admin can assign users in the Azure Active Directory tenant as additional account admins (who can themselves assign more account admins). Additional account admins do not require specific roles in Azure Active Directory.*
To check if you are an Azure Databricks account admin you can access:
https://accounts.azuredatabricks.net/login?next_url=%2Flogin%2F
and verify if you have the access to the Databricks administration screen
I have connected my azure account in Data Studio and I am using Azure SQL migration extension (v0.1.12) to migrate on-prem SQL to Azure Managed Instance.
However my subscription details are not getting fetched.
Screen Shot Attached Here
When I manually add Azure Subscription details I am getting following error
Manually Entered Details
And the error message Error
The issue seems to be more of access level issues.
Below are the type of access levels that you need to have for creating Azure Migrate Appliance project
Contributor or Owner permissions in the Azure subscription.
Permissions to register Azure Active Directory (Azure AD) apps.
Owner or Contributor and User Access Administrator permissions in the Azure subscription to create an instance of Azure Key Vault, which is used during agentless server migration.
Below are the steps to set contributor or Owner permissions
From Azure Subscriptions panel select the subscription
Move to Access Control IAM and select Add role Assignment
Assign the following roles.
For complete information check the Microsoft Document on providing access.
I am trying to create an ARM Template in Azure to build VM's and WebApps in prep for the AZ204 exam.
However, I am running into an issue in creating a template, from a downloaded json file.
The error I am getting is
The client 'Simon.Price#xxx' with object id 'f65d2b21-aa7e-4d5a-9ed3-xxxxx' does not have authorization to perform action 'Microsoft.Gallery/register/action' over scope '/providers/Microsoft.Gallery' or the scope is invalid. If access was recently granted, please refresh your credentials.
I have confirmed that in Azure AD that my account is an Global Administrator, with the description
Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities.
which implies I should be able to do this.
What permissions am I missing?
when trying to use the databricks Repo feature with AzureDevOps, I am not able to add a repo to my databricks workspace add repo and I am getting a Bad Request as Response error message.
Under User settings -> Git Integration -> Git Provider I have selected Azure Devops Services and in advanced settings Notebook Git Versioning is enabled.
I tried with a different browser, aswell as in private mode. In addition I tried to delete my cookies, but still got the same error. The integration to GitHub with a PAT works fine. I am also able to sync notebooks to the Azure DevOps repository, but the repo feature itself is not working.
I work in a corporate environment and we use single sign on with Azure Active Directory to authenticate to the Workspace. I really dont have an idea what causes the issue.
My only guess is that something AD authentification related is not set properly.
Sometimes when trying to access the workspace via the azure portal I receive the message that my account has no Contributer or Owner Role on the workspace role warning, which is strange since I am an admin in the Databricks workspace. After clicking on sign in with AzureAD I receive the warning: AADSTS90015: Requested query string is too long query string warning. However if I click back in the browser and click again on sign in with AzureID I am able to access the workspace.
The 400 Bad Request is an error from Azure DevOps. We would recommend you reach out to Azure DevOps support for help on this.
Regarding the role warning, this is related to your permissions on the workspace object in Azure Active Directory (rather than your admin permissions in the workspace) - the error message indicates that when we looked up your permissions in Azure, they didn't match those of either a contributor or owner on the workspace. However, if you are a contributor and see this error occasionally, that is unexpected behavior and we can surface this internally.
Check if your account that signed in Databricks has the correct permissions in the workspace on Azure Portal, and on Azure DevOps to access the Git repository.
You also can try to use the same account to sign in Azure DevOps to see if you can access the specified repository.
For more details, you can see "Azure Databricks - Repos for Git integration".
I am facing an issue on Azure Data Factory when I try to access the Azure DevOps Git Repository that I configured. The error message is: "Invalid GIT configuration. You need to gain access to the repository before you can publish any changes. Details: Authentication error - you do not have access to the provided Azure DevOps account."
I am using the same account on both DevOps and Data Factory. My Azure portal access is "Contributor" at the subscription level and my DevOps role is Project Administrator on the project.
Regards,
Tania
I've tried various combinations of creating the repository as new from Data Factory as well as using an existing one created (by myself) in Azure DevOps.
From https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles in the Open Feedback items a user mentions that "the Build-in role Data Factory Contributor this is not in Allow part:
Action:Microsoft.DataFactory/locations/configureFactoryRepo/action"
I investigated the the contributor role and it appears to have the Action allowed as "Read" ?
ADF Repo Settings
ADF Repo Error
After the detailed message shared from #taniaw, this issue caused by the account confused.
Here has 2 accounts, A#abc.com, and A#efg.com.
When login to azure portal with A#abc.com, and configure the Azure Devops Git. It's all correct. Now, the issue is when go Azure Devops Git tab after the repos configured successfully, its access account used in the backend changed into A#efg.com. But this account does not has permission to access the organization and repos. That's why when click the Azure Devops Git tab, it is grey and receiving the error message "You do not access to the repository".
These detailed message can all be viewed by Fiddler. Everyone can use fiddler trace to know the exactly error caused then analyze it.
At last, the solution is this is the account mapping confused issue which need Azure Account Team support.
Verify the User configuration at Organization level:
The default is "Stakeholder" - it should be "Basic" actually.
Hope it is useful.
This issue was resolved today. The cause was a different Azure DevOps tenant where my account had been added as a guest had used an email account instead of my Azure AD account and this caused the confusion when passing credentials from Azure Data Factory to Azure DevOps. The issue was resolved by leaving the organization that had my user mis-configured as I'm no longer actively working on that project. A better solution may have been to have their Azure AD administrator update my guest account to the correct details.