Giving access to Azure Active Directory Application to Enable Polybase

I have run into this a few times now and every time it took me a while to figure out what’s going on, so I figured if I wrote about this on my blog, maybe I would not forget about it next time.

Microsoft has a great article here that details how to setup Azure Data Lake Store loads into an Azure Data Warehouse using Polybase. The article is almost perfect, however, there is one little area where one could get oneself in trouble and I almost always do (hence the need to finally write it down for myself)

The problem manifests itself at the step of the article when you try to create an external table against your ADLS using your database scoped credentials that were created from an Azure Active Directory Application.

When you execute a Create External Table command you might get the following error:

Msg 105019, Level 16, State 1, Line 44

EXTERNAL TABLE access failed due to internal error: ‘Error occurred while accessing HDFS: Java exception raised on call to HdfsBridge_IsDirExist. Java exception message:

GETFILESTATUS failed with error 0x83090aa2 (Forbidden. ACL verification failed. Either the resource does not exist or the user is not authorized to perform the requested operation.).

There are several reasons why you might get this error, but in my particular case, I always get it if I forget to give the root level access to the ADLS to my Azure Active Directory Application. What typically happens is that I need to create an external table on a subfolder several levels below the root, so I would just give access to the app to this subfolder. Unfortunately, it is not enough, the app has to have access to all of the subfolders above including the root.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s