I’m trying to set up the external location for the Unity Catalog. It was able to connect to storage when I tested the connection, with storage access limited to selected VNets and IPs. But I’m getting a 403 error while accessing the storage from the notebook, even after adding the Blob Contributor access to the managed identity. Did I miss anything?
My assumption is that since I added a connector to the trusted resources, it will bypass the network rules.
2 Answers
Databricks throwing 403 error
The main reason for a 403 error is related to authorization issues when accessing the Azure storage account. To avoid access-related issues, assign the application to a role: make sure to assign the Storage Blob Data Contributor role to the service principal.
![enter image description here](https://i.imgur.com/a140fKd.png)
Under Role assignment, select the Storage Blob Data Contributor created initially.
To check if the role is assigned, open Access control -> Check Access -> Check access and search for databricks.
Additional Settings
Try adding the Databricks’ workspace managed identity as a Storage Blob Data Contributor.
IAM for Databricks Managed Identity
You’ll also want to add the relevant IAM conditional access, such as Read / Write permissions.
Conditional Access for Managed Identity
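The two checks discussed on this page (is Storage Blob Data Contributor assigned at a scope that covers the storage account, and is the connector listed as a trusted resource) can be run offline against exported configuration. This is an added example, not code from either answer; all IDs and names are constructed, and the data shapes assume the JSON printed by `az role assignment list --all` and `az storage account show --query networkRuleSet`.

```python
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed
ACCOUNT_ID = f"{SUB}/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/examplelake"
CONNECTOR_ID = f"{SUB}/resourceGroups/rg-dbx/providers/Microsoft.Databricks/accessConnectors/example-connector"
CONNECTOR_PRINCIPAL = "11111111-1111-1111-1111-111111111111"  # constructed object id
ROLE = "Storage Blob Data Contributor"

# Constructed sample, shaped like `az role assignment list --all -o json`.
ASSIGNMENTS = [
    {"principalId": CONNECTOR_PRINCIPAL, "roleDefinitionName": ROLE,
     "scope": f"{SUB}/resourceGroups/rg-data"},
    {"principalId": "22222222-2222-2222-2222-222222222222", "roleDefinitionName": ROLE,
     "scope": ACCOUNT_ID},
]
# Constructed sample, shaped like `az storage account show --query networkRuleSet`.
NETWORK_RULES = {
    "defaultAction": "Deny", "bypass": "AzureServices",
    "ipRules": [{"ipAddressOrRange": "203.0.113.10", "action": "Allow"}],
    "virtualNetworkRules": [],
    "resourceAccessRules": [{"resourceId": CONNECTOR_ID,
                             "tenantId": "33333333-3333-3333-3333-333333333333"}],
}

def scope_covers(scope, resource_id):
    """True when the scope is the resource itself or an ancestor (whole path segments only)."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")

def has_role(assignments, principal_id, resource_id, role=ROLE):
    """True when the principal holds `role` at a scope that covers resource_id."""
    return any(a["principalId"].lower() == principal_id.lower()
               and a["roleDefinitionName"] == role
               and scope_covers(a["scope"], resource_id)
               for a in assignments)

def connector_is_trusted(rules, connector_id):
    """Exact-ID match against resource instance rules; wildcard rules are not evaluated."""
    return any(r["resourceId"].lower() == connector_id.lower()
               for r in rules.get("resourceAccessRules") or [])

def report(assignments, rules, principal_id, connector_id, resource_id):
    """Summarise the RBAC and network-rule facts relevant to a 403 on this account."""
    return {
        "role_assigned": has_role(assignments, principal_id, resource_id),
        "default_action_deny": rules.get("defaultAction") == "Deny",
        "connector_in_resource_access_rules": connector_is_trusted(rules, connector_id),
        "allowed_ip_ranges": [r["ipAddressOrRange"] for r in rules.get("ipRules") or []],
        "allowed_subnets": [r["virtualNetworkResourceId"]
                            for r in rules.get("virtualNetworkRules") or []],
    }

if __name__ == "__main__":
    print(report(ASSIGNMENTS, NETWORK_RULES, CONNECTOR_PRINCIPAL, CONNECTOR_ID, ACCOUNT_ID))
```

An assignment made on one container does not cover a sibling container, which `scope_covers` reports as `False`; management-group scopes are outside what this prefix check handles.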