1

I just started working with Azure a month ago and I am dealing with many problems connecting the services to each other. So far, to make the storage, vm and synapse interact with each other I just set system assigned managed identities with the Contributor role but I can't find which role or what kind of permissions I need to make Synapse run custom activity in Batch. I got to created the linked service, and in validation I get no errors but when debug I keep getting

Error 2501: Cannot access user batch account; please check batch account settings.

    {
        "errorCode": "2501",
        "message": "Operation returned an invalid status code 'Forbidden'",
        "failureType": "UserError",
        "target": "landing_to_raw",
        "details": []
    }

When I check the Linked Service to Batch I see a message right below the "system assigned managed identity" selection, which shows my synapse user/identity, the id and says that I should grant access to my Azure Batch instance.

Any help will be appreciated. Regards,

I tried to run a batch custom activity in synapse pipeline with no success. I expect that synapse gest to connect to Azure Batch

Improve this question
1
  • Could you please provide your pipeline json? Commented Mar 25, 2024 at 6:04

1 Answer 1

Reset to default
1

When using system-assigned managed identity authentication, the Synapse workspace identity should have access to the batch account. If it doesn't have access, you will get the above error. To grant access, assign the Monitoring Contributor role to your Synapse workspace managed identity as follows:

Step 1: Go to the IAM of the batch account and click on "Add role assignment" as shown below:

enter image description here

Step 2: Search for the Monitoring Contributor role and select it, as shown below:

enter image description here

Step 3: Select the Managed Identity, as shown below:

enter image description here

After selecting the managed identity, click on the Review+assign button, and the role will be assigned successfully. After successful role assignment, when you test the batch account linked service, it will test successfully as shown below:

enter image description here

Then you will be able to run the pipeline successfully without any error.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks Bhavani! When this happened I gave up and changed managed identity by key, I'm going to try this.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.