-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dbt run fails with "The specified schema name userid@domain either does not exist or you do not have permission to use it #153
Comments
@jhoolachan thanks for putting in the work to get this set up! more info:
Full disclosure: I've never personally gotten active directory integrated authentication to work, as my company uses Azure Active Directory, and it is a lot of work to set that up in a demo environment. If you or your company uses is Azure Active Directory, I definitely recommend the |
@swanderz I'm using Azure SQL and my profiles.yml is below:
I also see the same issue when using service principal authentication. In that scenario, the compiled schema is : client_id@tenant_id As noted, both methods work without issue as long as the schema already exists. I have not tried the CLI auth method but can give it a shot. |
weird! it might be that I highly recommend the p.s. if you're interested in getting started with dbt & Azure SQL, you might be interested in this guide that @chaerinlee1 made. |
The guide is great; thanks for that! I was able to successfully connect via the CLI auth but I'm still facing the same error. My updated profile.yml is below.
The error is the same as when connecting via AAD Integrated:
|
|
|
|
Edit: I saw your note to move it to |
yes, I think so, but let's have that discussion on the as for the main issue, now I'm rather stumped! if you DM me on the dbt Slack, I can give you test Azure SQL to play with (to see if the error persists). Can you log into the db with SSMS, and execute You might want to follow up with you cloud team's set up because in my view, using "Active Directory - Integrated" with Azure SQL must mean that your cloud team has:
@alieus @NandanHegde15 any ideas what might be going on here? |
another thing that would help is if you could go to the |
Ah! Running Is schema creation handled by a particular macro that I can modify to include the authorization clause? |
We are having the same issue, but only when the AAD user is part of an AAD group, and is not the first user attempting this: posted it on stackoverflow, can you confirm that you have the same setup @jhoolachan? Also pasting my full error message, so this thread shows up on Google:
|
This happens because the user can not be created implicitly. If you configured your database like me, and provided permission to an Azure AD group (and not the user themselves), It seems documented in the |
updating scope bc #277 isn't working yet |
I did some testing for the use case of @w0ut0 and figured it out: If we have #277, then we can set the authorization of the schema to the group you're in. That seems to work. You need a few permissions to create the schema and tables/views, but basically with #277 we should get there. I documented the permissions in dbt-labs/docs.getdbt.com#3378 |
Hello,
When I create a schema manually, add it to my profiles.yml, and then submit "dbt run", my model is built successfully. However, if the schema specified in my profiles.yml does not exist, the build fails with:
"The specified schema name 'userid@domain' either does not exist or you do not have permission to use it" "CREATE SCHEMA failed due to previous errors"
when active directory integrated authentication is used. This feels like a DB permissions issue but I am able to log into SSMS using active directory integrated and create schemas without issue. I am also not sure why my userid and domain are being concatenated for the schema name when my profiles.yml contains "schema: staging".
I'm running dbt=0.19.2. What additional information can I provide for troubleshooting?
The text was updated successfully, but these errors were encountered: