[英]AuthenticationException when creating Azure ML Dataset from Azure Data Lake Gen2 Datastore
I have an Azure Data Lake Gen2 with public endpoint and a standard Azure ML instance.我有一个带有公共端点的 Azure Data Lake Gen2 和一个标准的 Azure ML 实例。 I have created both components with my user and I am listed as Contributor.
我与我的用户一起创建了这两个组件,并且我被列为贡献者。
I want to use data from this data lake in Azure ML.我想在 Azure ML 中使用来自这个数据湖的数据。
I have added the data lake as a Datastore using Service Principal authentication.我已使用服务主体身份验证将数据湖添加为数据存储。
I then try to create a Tabular Dataset using the Azure ML GUI I get the following error:然后,我尝试使用 Azure ML GUI 创建表格数据集,但出现以下错误:
Access denied You do not have permission to the specified path or file.访问被拒绝您没有指定路径或文件的权限。
{
"message": "ScriptExecutionException was caused by StreamAccessException.\n StreamAccessException was caused by AuthenticationException.\n 'AdlsGen2-ListFiles (req=1, existingItems=0)' for '[REDACTED]' on storage failed with status code 'Forbidden' (This request is not authorized to perform this operation using this permission.), client request ID '1f9e329b-2c2c-49d6-a627-91828def284e', request ID '5ad0e715-a01f-0040-24cb-b887da000000'. Error message: [REDACTED]\n"
}
I have tried having our Azure Portal Admin, with Admin access to both Azure ML and Data Lake try the same and she gets the same error.我已经尝试让我们的 Azure 门户管理员访问 Azure ML 和 Data Lake 进行相同的尝试,但她得到了同样的错误。
I tried creating the Dataset using Python sdk and get a similar error:我尝试使用 Python sdk 创建数据集并得到类似的错误:
ExecutionError:
Error Code: ScriptExecution.StreamAccess.Authentication
Failed Step: 667ddfcb-c7b1-47cf-b24a-6e090dab8947
Error Message: ScriptExecutionException was caused by StreamAccessException.
StreamAccessException was caused by AuthenticationException.
'AdlsGen2-ListFiles (req=1, existingItems=0)' for 'https://mydatalake.dfs.core.windows.net/mycontainer?directory=mydirectory/csv&recursive=true&resource=filesystem' on storage failed with status code 'Forbidden' (This request is not authorized to perform this operation using this permission.), client request ID 'a231f3e9-b32b-4173-b631-b9ed043fdfff', request ID 'c6a6f5fe-e01f-0008-3c86-b9b547000000'. Error message: {"error":{"code":"AuthorizationPermissionMismatch","message":"This request is not authorized to perform this operation using this permission.\nRequestId:c6a6f5fe-e01f-0008-3c86-b9b547000000\nTime:2020-11-13T06:34:01.4743177Z"}}
| session_id=75ed3c11-36de-48bf-8f7b-a0cd7dac4d58
I have created Datastore and Datasets of both a normal blob storage and a managed sql database with no issues and I have only contributor access to those so I cannot understand why I should not be Authorized to add data lake.我已经创建了一个普通 blob 存储和一个托管 sql 数据库的数据存储和数据集,没有任何问题,我只有贡献者访问这些,所以我不明白为什么我不应该被授权添加数据湖。 The fact that our admin gets the same error leads me to believe there are some other issue.
我们的管理员遇到同样的错误这一事实让我相信还有其他一些问题。
I hope you can help me identify what it is or give me some clue of what more to test.我希望你能帮助我确定它是什么,或者给我一些线索,让我知道还需要测试什么。
Edit: I see I might have duplicated this post: How to connect AMLS to ADLS Gen 2?编辑:我知道我可能重复了这篇文章: How to connect AMLS to ADLS Gen 2? I will test that solution and close this post if it works
我将测试该解决方案并在可行时关闭此帖子
This was actually a duplicate of How to connect AMLS to ADLS Gen 2?这实际上是如何将 AMLS 连接到 ADLS Gen 2? .
.
The solution is to give the service principal that Azure ML uses to access the data lake the Storage Blob Data Reader access.解决方案是为 Azure ML 用于访问数据湖的服务主体提供存储 Blob 数据读取器访问权限。 And note you have to wait at least some minutes for this to have effect.
请注意,您必须至少等待几分钟才能生效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.