Databricks fails accessing a Data Lake Gen1 while trying to enumerate a directory Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Data science time! April 2019 and salary with experience The Ask Question Wizard is Live!Azure Data Lake Store: Request Was Unauthorized When Writing to ADLS from Data Factory in a Different SubscriptionHow to connect ADLS account with Azure VMTest environment for microsoft graph api and Azure v2.0Does Cortana Skill support login with Azure AD B2C account?ADAL V3, Azure Data Lake, Certificates and ServiceClientCredentialsAzure AD Application - Manifest settings caching. Can I refresh this cache?Azure AD OAuth2.0: I dont get a refresh tokenGetting SSL error while running experiment on azure databricksPolybase to Azure Data Lake Gen 2 FailingAccess unmanaged (external) Azure Databricks Hive table via JDBC
How to evaluate this function?
The test team as an enemy of development? And how can this be avoided?
Is a copyright notice with a non-existent name be invalid?
How to make an animal which can only breed for a certain number of generations?
Why do C and C++ allow the expression (int) + 4?
By what mechanism was the 2017 UK General Election called?
Is the time—manner—place ordering of adverbials an oversimplification?
Is there a spell that can create a permanent fire?
What are some likely causes to domain member PC losing contact to domain controller?
"Destructive power" carried by a B-52?
How to achieve cat-like agility?
My mentor says to set image to Fine instead of RAW — how is this different from JPG?
Order between one to one functions and their inverses
latest version of QGIS fails to edit attribute table of GeoJSON file
Why BitLocker does not use RSA
Any stored/leased 737s that could substitute for grounded MAXs?
What did Turing mean when saying that "machines cannot give rise to surprises" is due to a fallacy?
Noise in Eigenvalues plot
How does TikZ render an arc?
Why are two-digit numbers in Jonathan Swift's "Gulliver's Travels" (1726) written in "German style"?
How to make triangles with rounded sides and corners? (squircle with 3 sides)
Is there a verb for listening stealthily?
Flight departed from the gate 5 min before scheduled departure time. Refund options
When does a function NOT have an antiderivative?
Databricks fails accessing a Data Lake Gen1 while trying to enumerate a directory
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)
Data science time! April 2019 and salary with experience
The Ask Question Wizard is Live!Azure Data Lake Store: Request Was Unauthorized When Writing to ADLS from Data Factory in a Different SubscriptionHow to connect ADLS account with Azure VMTest environment for microsoft graph api and Azure v2.0Does Cortana Skill support login with Azure AD B2C account?ADAL V3, Azure Data Lake, Certificates and ServiceClientCredentialsAzure AD Application - Manifest settings caching. Can I refresh this cache?Azure AD OAuth2.0: I dont get a refresh tokenGetting SSL error while running experiment on azure databricksPolybase to Azure Data Lake Gen 2 FailingAccess unmanaged (external) Azure Databricks Hive table via JDBC
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I am using (well... trying to use) Azure Databricks and I have created a notebook.
I would like the notebook to connect my Azure Data Lake (Gen1) and transform the data. I followed the documentation and put the code in the first cell of my notebook:
spark.conf.set("dfs.adls.oauth2.access.token.provider.type", "ClientCredential")
spark.conf.set("dfs.adls.oauth2.client.id", "**using the application ID of the registered application**")
spark.conf.set("dfs.adls.oauth2.credential", "**using one of the registered application keys**")
spark.conf.set("dfs.adls.oauth2.refresh.url", "https://login.microsoftonline.com/**using my-tenant-id**/oauth2/token")
dbutils.fs.ls("adl://**using my data lake uri**.azuredatalakestore.net/tenantdata/events")
The execution fails with this error:
com.microsoft.azure.datalake.store.ADLException: Error enumerating
directory /
Operation null failed with exception java.io.IOException : Server
returned HTTP response code: 400 for URL:
https://login.microsoftonline.com/using my-tenant-id/oauth2/token
Last encountered exception thrown after 5 tries.
[java.io.IOException,java.io.IOException,java.io.IOException,java.io.IOException,java.io.IOException]
[ServerRequestId:null] at
com.microsoft.azure.datalake.store.ADLStoreClient.getExceptionFromResponse(ADLStoreClient.java:1169)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectoryInternal(ADLStoreClient.java:558)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectory(ADLStoreClient.java:534)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectory(ADLStoreClient.java:398)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectory(ADLStoreClient.java:384)
I have given the registered application the Reader role to the Data Lake:
Question
How can I allow Spark to access the Data Lake?
Update
I have granted both the tenantdata and events folders Read and Execute access:
scala
azure apache-spark azure-data-lake azure-databricks asked Mar 22 at 12:52
KzrystofKzrystof
2,26831628
add a comment |
I am using (well... trying to use) Azure Databricks and I have created a notebook.
I would like the notebook to connect my Azure Data Lake (Gen1) and transform the data. I followed the documentation and put the code in the first cell of my notebook:
spark.conf.set("dfs.adls.oauth2.access.token.provider.type", "ClientCredential")
spark.conf.set("dfs.adls.oauth2.client.id", "**using the application ID of the registered application**")
spark.conf.set("dfs.adls.oauth2.credential", "**using one of the registered application keys**")
spark.conf.set("dfs.adls.oauth2.refresh.url", "https://login.microsoftonline.com/**using my-tenant-id**/oauth2/token")
dbutils.fs.ls("adl://**using my data lake uri**.azuredatalakestore.net/tenantdata/events")
The execution fails with this error:
com.microsoft.azure.datalake.store.ADLException: Error enumerating
directory /
Operation null failed with exception java.io.IOException : Server
returned HTTP response code: 400 for URL:
https://login.microsoftonline.com/using my-tenant-id/oauth2/token
Last encountered exception thrown after 5 tries.
[java.io.IOException,java.io.IOException,java.io.IOException,java.io.IOException,java.io.IOException]
[ServerRequestId:null] at
com.microsoft.azure.datalake.store.ADLStoreClient.getExceptionFromResponse(ADLStoreClient.java:1169)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectoryInternal(ADLStoreClient.java:558)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectory(ADLStoreClient.java:534)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectory(ADLStoreClient.java:398)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectory(ADLStoreClient.java:384)
I have given the registered application the Reader role to the Data Lake:
Question
How can I allow Spark to access the Data Lake?
Update
I have granted both the tenantdata and events folders Read and Execute access:
scala
azure apache-spark azure-data-lake azure-databricks asked Mar 22 at 12:52
KzrystofKzrystof
2,26831628
Maybe try setting the application to theContributorrole instead ofReader.
– Jon
Mar 24 at 14:18
add a comment |
I am using (well... trying to use) Azure Databricks and I have created a notebook.
I would like the notebook to connect my Azure Data Lake (Gen1) and transform the data. I followed the documentation and put the code in the first cell of my notebook:
spark.conf.set("dfs.adls.oauth2.access.token.provider.type", "ClientCredential")
spark.conf.set("dfs.adls.oauth2.client.id", "**using the application ID of the registered application**")
spark.conf.set("dfs.adls.oauth2.credential", "**using one of the registered application keys**")
spark.conf.set("dfs.adls.oauth2.refresh.url", "https://login.microsoftonline.com/**using my-tenant-id**/oauth2/token")
dbutils.fs.ls("adl://**using my data lake uri**.azuredatalakestore.net/tenantdata/events")
The execution fails with this error:
com.microsoft.azure.datalake.store.ADLException: Error enumerating
directory /
Operation null failed with exception java.io.IOException : Server
returned HTTP response code: 400 for URL:
https://login.microsoftonline.com/using my-tenant-id/oauth2/token
Last encountered exception thrown after 5 tries.
[java.io.IOException,java.io.IOException,java.io.IOException,java.io.IOException,java.io.IOException]
[ServerRequestId:null] at
com.microsoft.azure.datalake.store.ADLStoreClient.getExceptionFromResponse(ADLStoreClient.java:1169)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectoryInternal(ADLStoreClient.java:558)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectory(ADLStoreClient.java:534)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectory(ADLStoreClient.java:398)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectory(ADLStoreClient.java:384)
I have given the registered application the Reader role to the Data Lake:
Question
How can I allow Spark to access the Data Lake?
Update
I have granted both the tenantdata and events folders Read and Execute access:
scala
azure apache-spark azure-data-lake azure-databricks asked Mar 22 at 12:52
KzrystofKzrystof
2,26831628
I am using (well... trying to use) Azure Databricks and I have created a notebook.
I would like the notebook to connect my Azure Data Lake (Gen1) and transform the data. I followed the documentation and put the code in the first cell of my notebook:
spark.conf.set("dfs.adls.oauth2.access.token.provider.type", "ClientCredential")
spark.conf.set("dfs.adls.oauth2.client.id", "**using the application ID of the registered application**")
spark.conf.set("dfs.adls.oauth2.credential", "**using one of the registered application keys**")
spark.conf.set("dfs.adls.oauth2.refresh.url", "https://login.microsoftonline.com/**using my-tenant-id**/oauth2/token")
dbutils.fs.ls("adl://**using my data lake uri**.azuredatalakestore.net/tenantdata/events")
The execution fails with this error:
com.microsoft.azure.datalake.store.ADLException: Error enumerating
directory /
Operation null failed with exception java.io.IOException : Server
returned HTTP response code: 400 for URL:
https://login.microsoftonline.com/using my-tenant-id/oauth2/token
Last encountered exception thrown after 5 tries.
[java.io.IOException,java.io.IOException,java.io.IOException,java.io.IOException,java.io.IOException]
[ServerRequestId:null] at
com.microsoft.azure.datalake.store.ADLStoreClient.getExceptionFromResponse(ADLStoreClient.java:1169)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectoryInternal(ADLStoreClient.java:558)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectory(ADLStoreClient.java:534)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectory(ADLStoreClient.java:398)
at
com.microsoft.azure.datalake.store.ADLStoreClient.enumerateDirectory(ADLStoreClient.java:384)
I have given the registered application the Reader role to the Data Lake:
Question
How can I allow Spark to access the Data Lake?
Update
I have granted both the tenantdata and events folders Read and Execute access:
scala
azure apache-spark azure-data-lake azure-databricks scala
azure apache-spark azure-data-lake azure-databricks asked Mar 22 at 12:52
KzrystofKzrystof
2,26831628
asked Mar 22 at 12:52
KzrystofKzrystof
2,26831628
edited Apr 1 at 12:01
Kzrystof
asked Mar 22 at 12:52
KzrystofKzrystof
2,26831628
asked Mar 22 at 12:52
KzrystofKzrystof
2,26831628
asked Mar 22 at 12:52
KzrystofKzrystof
2,26831628
2,26831628
Maybe try setting the application to theContributorrole instead ofReader.
– Jon
Mar 24 at 14:18
add a comment |
Maybe try setting the application to theContributorrole instead ofReader.
– Jon
Mar 24 at 14:18
Maybe try setting the application to the
Contributor role instead of Reader.– Jon
Mar 24 at 14:18
Maybe try setting the application to the
Contributor role instead of Reader.– Jon
Mar 24 at 14:18
add a comment |
1 Answer
1
active
oldest
votes
The RBAC roles on the Gen1 lake do not grant access to the data (just the resource itself), with exception of the Owner role which grants Super User access and does grant full data access.
You must grant access to the folders/files themselves using Data Explorer in the Portal or download storage explorer using POSIX permissions.
This guide explains the detail of how to do that: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-access-control
Reference: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-secure-data
Only the Owner role automatically enables file system access. The
Contributor, Reader, and all other roles require ACLs to enable any
level of access to folders and files
answered Mar 25 at 11:39
simon_dmoriassimon_dmorias
7741514
Sorry for the delayed response. I did have the permissions on both folders... :(
– Kzrystof
Apr 1 at 12:01
You must have at least Execute permission on every folder above the folder you are trying to access (including root).
– simon_dmorias
Apr 3 at 12:19
The root, the tenantdata folder and the events folder all do have the Read and Execute permission... :(
– Kzrystof
Apr 3 at 12:41
1
As a test can you add your principal to the owner group on the resource. If that works then you have missed a folder permission somewhere.
– simon_dmorias
Apr 3 at 13:10
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55300048%2fdatabricks-fails-accessing-a-data-lake-gen1-while-trying-to-enumerate-a-director%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The RBAC roles on the Gen1 lake do not grant access to the data (just the resource itself), with exception of the Owner role which grants Super User access and does grant full data access.
You must grant access to the folders/files themselves using Data Explorer in the Portal or download storage explorer using POSIX permissions.
This guide explains the detail of how to do that: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-access-control
Reference: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-secure-data
Only the Owner role automatically enables file system access. The
Contributor, Reader, and all other roles require ACLs to enable any
level of access to folders and files
answered Mar 25 at 11:39
simon_dmoriassimon_dmorias
7741514
Sorry for the delayed response. I did have the permissions on both folders... :(
– Kzrystof
Apr 1 at 12:01
You must have at least Execute permission on every folder above the folder you are trying to access (including root).
– simon_dmorias
Apr 3 at 12:19
The root, the tenantdata folder and the events folder all do have the Read and Execute permission... :(
– Kzrystof
Apr 3 at 12:41
1
As a test can you add your principal to the owner group on the resource. If that works then you have missed a folder permission somewhere.
– simon_dmorias
Apr 3 at 13:10
add a comment |
The RBAC roles on the Gen1 lake do not grant access to the data (just the resource itself), with exception of the Owner role which grants Super User access and does grant full data access.
You must grant access to the folders/files themselves using Data Explorer in the Portal or download storage explorer using POSIX permissions.
This guide explains the detail of how to do that: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-access-control
Reference: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-secure-data
Only the Owner role automatically enables file system access. The
Contributor, Reader, and all other roles require ACLs to enable any
level of access to folders and files
answered Mar 25 at 11:39
simon_dmoriassimon_dmorias
7741514
Sorry for the delayed response. I did have the permissions on both folders... :(
– Kzrystof
Apr 1 at 12:01
You must have at least Execute permission on every folder above the folder you are trying to access (including root).
– simon_dmorias
Apr 3 at 12:19
The root, the tenantdata folder and the events folder all do have the Read and Execute permission... :(
– Kzrystof
Apr 3 at 12:41
1
As a test can you add your principal to the owner group on the resource. If that works then you have missed a folder permission somewhere.
– simon_dmorias
Apr 3 at 13:10
add a comment |
The RBAC roles on the Gen1 lake do not grant access to the data (just the resource itself), with exception of the Owner role which grants Super User access and does grant full data access.
You must grant access to the folders/files themselves using Data Explorer in the Portal or download storage explorer using POSIX permissions.
This guide explains the detail of how to do that: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-access-control
Reference: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-secure-data
Only the Owner role automatically enables file system access. The
Contributor, Reader, and all other roles require ACLs to enable any
level of access to folders and files
answered Mar 25 at 11:39
simon_dmoriassimon_dmorias
7741514
The RBAC roles on the Gen1 lake do not grant access to the data (just the resource itself), with exception of the Owner role which grants Super User access and does grant full data access.
You must grant access to the folders/files themselves using Data Explorer in the Portal or download storage explorer using POSIX permissions.
This guide explains the detail of how to do that: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-access-control
Reference: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-secure-data
Only the Owner role automatically enables file system access. The
Contributor, Reader, and all other roles require ACLs to enable any
level of access to folders and files
answered Mar 25 at 11:39
simon_dmoriassimon_dmorias
7741514
answered Mar 25 at 11:39
simon_dmoriassimon_dmorias
7741514
answered Mar 25 at 11:39
simon_dmoriassimon_dmorias
7741514
answered Mar 25 at 11:39
simon_dmoriassimon_dmorias
7741514
7741514
Sorry for the delayed response. I did have the permissions on both folders... :(
– Kzrystof
Apr 1 at 12:01
You must have at least Execute permission on every folder above the folder you are trying to access (including root).
– simon_dmorias
Apr 3 at 12:19
The root, the tenantdata folder and the events folder all do have the Read and Execute permission... :(
– Kzrystof
Apr 3 at 12:41
1
As a test can you add your principal to the owner group on the resource. If that works then you have missed a folder permission somewhere.
– simon_dmorias
Apr 3 at 13:10
add a comment |
Sorry for the delayed response. I did have the permissions on both folders... :(
– Kzrystof
Apr 1 at 12:01
You must have at least Execute permission on every folder above the folder you are trying to access (including root).
– simon_dmorias
Apr 3 at 12:19
The root, the tenantdata folder and the events folder all do have the Read and Execute permission... :(
– Kzrystof
Apr 3 at 12:41
1
As a test can you add your principal to the owner group on the resource. If that works then you have missed a folder permission somewhere.
– simon_dmorias
Apr 3 at 13:10
Sorry for the delayed response. I did have the permissions on both folders... :(
– Kzrystof
Apr 1 at 12:01
Sorry for the delayed response. I did have the permissions on both folders... :(
– Kzrystof
Apr 1 at 12:01
You must have at least Execute permission on every folder above the folder you are trying to access (including root).
– simon_dmorias
Apr 3 at 12:19
You must have at least Execute permission on every folder above the folder you are trying to access (including root).
– simon_dmorias
Apr 3 at 12:19
The root, the tenantdata folder and the events folder all do have the Read and Execute permission... :(
– Kzrystof
Apr 3 at 12:41
The root, the tenantdata folder and the events folder all do have the Read and Execute permission... :(
– Kzrystof
Apr 3 at 12:41
1
1
As a test can you add your principal to the owner group on the resource. If that works then you have missed a folder permission somewhere.
– simon_dmorias
Apr 3 at 13:10
As a test can you add your principal to the owner group on the resource. If that works then you have missed a folder permission somewhere.
– simon_dmorias
Apr 3 at 13:10
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55300048%2fdatabricks-fails-accessing-a-data-lake-gen1-while-trying-to-enumerate-a-director%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Maybe try setting the application to the
Contributorrole instead ofReader.– Jon
Mar 24 at 14:18