我在自己的 Azure 订阅中预配了一个 Databricks 工作区,用于我自己的学习目的。
我想通过 Azure 门户 UI 访问 Databricks 托管存储帐户中的容器,但是当我尝试这样做时:
The client 'my@email' with object id 'myobjectid' has permission to
perform action 'Microsoft.Storage/storageAccounts/listKeys/action'
on scope '/my/storage/account'; however,
the access is denied because of the deny assignment
with name 'System deny assignment created by
Azure Databricks /my/workspace' and Id 'myid' at scope '/my/workspace'.
如何将所有权限授予我的 Azure 帐户所有者(我)?
最佳答案
即使您是所有者,您也不能在 Azure Databricks 创建的托管资源组上执行此操作 - 它是由 Databricks 管理的资源,它阻止直接访问数据,因为它在存储帐户中存储了一些系统信息。如果您尝试这样做,您将收到如下错误:
Failed to add User as Storage Blob Data Contributor for dbstorageveur7e23e27e4c : The client '....' with object id '...' has permission to perform action 'Microsoft.Authorization/roleAssignments/write' on scope '/subscriptions/..../resourceGroups/databricks-rg-...-jm5c8b2za1oks/providers/Microsoft.Storage/storageAccounts/dbstorageveur7e23e27e4c/providers/Microsoft.Authorization/roleAssignments/f2bc46d3-4aee-4d8f-803d-3d6324b5c094'; however, the access is denied because of the deny assignment with name 'System deny assignment created by Azure Databricks /subscriptions/.../resourceGroups/.../providers/Microsoft.Databricks/workspaces/...' and Id '99598a6270644ecdacfb23af7b0df9a0' at scope '/subscriptions/....resourceGroups/databricks-rg-...-jm5c8b2za1oks'..
关于azure-databricks - 如何覆盖拒绝分配以便我可以访问数据 block 管理的存储容器?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/73064767/