unable to retrieve secret from KV using RBAC

[soferreira]

Documentation link: https://docs.microsoft.com/en-us/azure/synapse-analytics/spark/microsoft-spark-utilities?pivots=programming-language-python#configure-access-to-azure-key-vault

I am using RBAC and not Access policies.

I tested the connection to KV and it's working fine, see Image 1. However, I am unable to retrieve the secret from my KV with "Key Vault Secrets User" or "Key Vault Reader", see Image 2.

Shouldn't these roles give enough permission to the workspace to retrieve the secret from KV?

notebook code:

source_cs = mssparkutils.credentials.getSecretWithLS('medallion_kv_ls', 'medallion-acc-cs')

Image 1:

Image 2:

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: c1f7baad-e28d-8e25-2852-b58499cdca8c
• Version Independent ID: d88f15f9-7218-3ce2-30bb-388fc63f6ddc
• Content: Introduction to Microsoft Spark utilities - Azure Synapse Analytics
• Content Source: articles/synapse-analytics/spark/microsoft-spark-utilities.md
• Service: synapse-analytics
• Sub-service: spark
• GitHub Login: @ruixinxu
• Microsoft Alias: ruxu

[YashikaTyagii]

@soferreira Thanks for your feedback! We will investigate and update as appropriate.

[RamanathanChinnappan-MSFT]

Hi @soferreira , We have investigated issue from our side. you can change the authentication method and try once. for your reference I have shared previous similar case below. please go through this. https://github.com/MicrosoftDocs/azure-docs/issues/93812

[soferreira]

Hi @RamanathanChinnappan-MSFT

I am using System Assigned Managed identity and I am running the notebook from pipeline. The pipeline works well if I use access policies. However, it does not work if I use RBAC.

Does that mean that RBAC not supported by the library at the moment?

[RamanathanChinnappan-MSFT]

Hi @soferreira,

Thanks for your feedback! We have assigned the issue to author and will provide further updates.

[jbradwin]

@ruixinxu Were you able to confirm this defect with the product team? I am experiencing this undesired behavior as well.

[abdullah-p]

@RamanathanChinnappan-MSFT @ruixinxu hi, do you have any updates on resolving this bug?

[bandersmsft]

Thanks for your dedication to our documentation. Unfortunately, at this time we have been unable to review your issue in a timely manner and we sincerely apologize for the delayed response. We are closing this issue for now, but if you feel that it's still a concern, please respond and let us know. If you determine another possible update to our documentation, please don't hesitate to reach out again. #please-close