Skip to main content
To homepage To homepage
Solved

Error when processing data from odx to snowflake

Roy V
Problem Solver
Forum|alt.badge.img+2
  • Roy V
  • Problem Solver
  • 56 replies

Good afternoon

We are working on the migration to fully deploy to Snowflake. We created a sas token as described in the instruction (https://support.timextender.com/configure-resources-126/use-snowflake-data-warehouse-storage-727) and added the token in the ODX settings in the portal.  However when we deploy and execute to Snowflake the deployment goes fine but when executing we get the following error:
Failure using stage area. Cause: [This request is not authorized to perform this operation. (Status Code: 403; Error Code: AuthorizationFailure)]

In Snowflake the user has enough priviliges but it is when running the stage that want to read from the data lake storage that this error occures.
The storage account has enabled that you can read from it with keys so that should not be the issue.
Any ideas on why Snowflake can not access the data lake?

Best answer by Christian Hauggaard

Hi @Roy V I have created a support ticket for this

View original
    Did this topic help you find an answer to your question?

    5 replies

    Christian Hauggaard
    Community Manager
    Forum|alt.badge.img+5

    Hi @Roy V 

    Can you please ensure that:

    • the “allow access from” setting in your data lake is set to All Networks 
    • The SAS token you have generated is still valid
    • The app registration has been added to the data lake with the Storage Blob Data Contributor role
    Roy V
    Problem Solver
    Forum|alt.badge.img+2
    • Roy V
    • Author
    • Problem Solver
    • 56 replies
    • June 18, 2024

    Thanks for your reaction.
    For security reasons we can and do not want to set the data lake open to all networks.

    What should we add specific for Snowflake to be able to address the datalake?

    Roy V
    Problem Solver
    Forum|alt.badge.img+2
    • Roy V
    • Author
    • Problem Solver
    • 56 replies
    • June 19, 2024

    for a test I set the storage account open to all networks

    this results in the following error (where the snowflake user has accountadmin access so to my opion it can not be related to access on snowflake side):
     

    -------------------------

        -Execute DSA_History HIST.TOBIASAX_HCMTITLE ODX Transfer 'Failed'
            System.AggregateException: One or more errors occurred. ---> Snowflake.Data.Client.SnowflakeDbException: Error: SQL access control error:
    Insufficient privileges to operate on stage 'TimeXtender_ExternalStage_4f07df3c5b524bb6a421fe32b78128dd_39717e1130d846c0bb2090652a1f956f' SqlState: 42501, VendorCode: 3001, QueryId: 01b51c00-0203-f860-0001-61aa00f5ba12
               at Snowflake.Data.Core.SFStatement.ExecuteHelper[T,U](Int32 timeout, String sql, Dictionary`2 bindings, Boolean describeOnly)
               at Snowflake.Data.Core.SFStatement.Execute(Int32 timeout, String sql, Dictionary`2 bindings, Boolean describeOnly)
               at Snowflake.Data.Client.SnowflakeDbCommand.ExecuteInternal(Boolean describeOnly)

    Christian Hauggaard
    Community Manager
    Forum|alt.badge.img+5

    Hi @Roy V I have created a support ticket for this

    Roy V
    Problem Solver
    Forum|alt.badge.img+2
    • Roy V
    • Author
    • Problem Solver
    • 56 replies
    • September 23, 2024

    As snowflake is on a different subscription you can not give access to the ADLS in the Azure Portal directly..
    In snowflake you can retrieve the subnets that need to be given access to and with an Azure Power shell script this access can then be given to the ADLS. 

    When that has been done the ODX and Snowflake can communicate with each other.

    Reply


    Most helpful members this week

    Terms and ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings