Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Creating Synapses Workspace through ARM Template using SPN Failing during provisioning "storageRoleDeploymentResource" with BAD Request #60705

Closed
jayendranarumugam opened this issue Aug 12, 2020 · 5 comments
Closed

Creating Synapses Workspace through ARM Template using SPN Failing during provisioning "storageRoleDeploymentResource" with BAD Request #60705

jayendranarumugam opened this issue Aug 12, 2020 · 5 comments
Assignees
@CHEEKATLAPRADEEP-MSFT-zz
Labels
cxp Pri3 product-question resolved-by-customer security/subsvc synapse-analytics/svc triaged

Comments

@jayendranarumugam
Copy link
Contributor

jayendranarumugam commented Aug 12, 2020
edited by mike-urnun-msft
Loading

Is there any Specific permissions needed to include while deploying a Synapses workspace through ARM with SPN Authentication?

ARM will getting failed at `storageRoleDeploymentResource' Resource provisioning state with BAD request

Also the sql admin was randomly assigned with a GUID. Do we need any special permission to include in the doc to cover the SPN Deployment ?

Doc Link: https://docs.microsoft.com/en-us/azure/synapse-analytics/security/how-to-set-up-access-control

Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
@mike-urnun-msft
Copy link
Contributor

@jayendranarumugam Thank you for your feedback! We will review and update as appropriate.

@jayendranarumugam
Copy link
Contributor Author

jayendranarumugam commented Aug 13, 2020
edited
Loading

Hi @mike-urnun-msft / @himanshusinha-msft , I just found the workaround but not exactly sure this is correct solution, currently my SPN have contributor access to RG. I've changed the access to owner and it got worked. Is owner access really needed to a SPN for creating Synapses workspace ?

@CHEEKATLAPRADEEP-MSFT-zz
Copy link
Contributor

@jayendranarumugam Glad to know that your issue has resolved. And thanks for sharing the solution, which might be beneficial to other community members reading this thread.

Yes, owner permission is required to a SPN for creating Synapse workspace.

We will now proceed to close this thread. If there are further questions regarding this matter, please comment and we will gladly continue the discussion.

@jayendranarumugam
Copy link
Contributor Author

Thanks @CHEEKATLAPRADEEP-MSFT for the response actually there are some conditions and the condition is depends on the way the storage acc gen 2 creation. This actually needs some clarity. I'll soon create a Dev Post and share here for other to get understand it :)

@jayendranarumugam
Copy link
Contributor Author

For anyone who needs to understand the access. Here is the blog which I wrote. Hope this help some one

https://dev.to/jayendran/azure-synapse-analytics-workspaces-deploy-and-debug-part-1-1fap

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@CHEEKATLAPRADEEP-MSFT-zz CHEEKATLAPRADEEP-MSFT-zz

Labels
cxp Pri3 product-question resolved-by-customer security/subsvc synapse-analytics/svc triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@jayendranarumugam @PRMerger6 @PRMerger12 @mike-urnun-msft @CHEEKATLAPRADEEP-MSFT-zz @himanshusinha-msft