search

MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International
10.29k stars 21.47k forks source link

Operation failed since the external data source ... has underlying storage account that is not in the list of Outbound Firewall Rules on the server. Please add this storage account to the list of Outbound Firewall Rules on your server and retry the operation. #95884

Closed golfalot closed 1 year ago

golfalot commented 2 years ago

synapse error message bug

There is horrible very time wasting bug that occurs when using Built-in SQL, writing to ADLS gen2 with synapse Data Exfiltration Protection enabled, and Managed Service Identity If you follow the current documentation and use

https://<mystoageaccount>.blob.core.windows.net/<mycontainer>/<mybaseoutputfolderpath> Instead of https://<mystoageaccount>.dfs.core.windows.net/<mycontainer>/<mybaseoutputfolderpath> You get error

Operation failed since the external data source 'https://<mystorageaccount>.blob.core.windows.net/<mycontainer>/<mybaseoutputfolderpath>/<myoutputsubfolder>/' has underlying storage account that is not in the list of Outbound Firewall Rules on the server. Please add this storage account to the list of Outbound Firewall Rules on your server and retry the operation.

a better end to end example

The documentation needs a better end to end example, using ADSL gen2 and Managed Service Identity which should be the the majority use case.

I wish to propose the following replacement example

CREATE DATABASE [<mydatabase>];
GO

USE [<mydatabase>];
GO

CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong password>';

CREATE DATABASE SCOPED CREDENTIAL [WorkspaceIdentity] WITH IDENTITY = 'Managed Identity';
GO

CREATE EXTERNAL FILE FORMAT [ParquetFF] WITH (
    FORMAT_TYPE = PARQUET,
    DATA_COMPRESSION = 'org.apache.hadoop.io.compress.SnappyCodec'
);
GO

CREATE EXTERNAL DATA SOURCE [synpaseSQLwriteable] WITH (
    LOCATION = 'https://<mystoageaccount>.dfs.core.windows.net/<mycontainer>/<mybaseoutputfolderpath>',
    CREDENTIAL = [WorkspaceIdentity]
);
GO

CREATE EXTERNAL TABLE [dbo].[<myexternaltable>] WITH (
        LOCATION = '<myoutputsubfolder>/',
        DATA_SOURCE = [synpaseSQLwriteable],
        FILE_FORMAT = [ParquetFF]
) AS
SELECT * FROM [<myview>];
GO

Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ShaikMaheer-MSFT commented 2 years ago

@golfalot Thank you for sharing feedback. We are actively validating it. We will share updates soon.

ShaikMaheer-MSFT commented 2 years ago

@filippopovic Could you please validate customer feedback and update or enhance documentation as appropriate? Thank you.

filippopovic commented 2 years ago

@ShaikMaheer-MSFT , adding @azaricstefan for help

filippopovic commented 2 years ago

assign @azaricstefan

mahfooziiitian commented 1 year ago

I am also facing the same issue. any timeline for fix?

filippopovic commented 1 year ago

@azaricstefan could you please take a look?

azaricstefan commented 1 year ago

I created a PR for this, it will be merged soon.

close

Naveenommi-MSFT commented 1 year ago

please-close