none
Data Lake Analytics - Linked service - Problem assigning Service principal ID & Service principal key

    Question

  • Hello!

    I am facing a problem when trying to set up linked service (Azure Data Lake Analytics). What i am trying to do is:

    1. First i've prepared an U-SQL script for aggregating BLOB storage telemetry data (from Azure IoT HUB)

    2. Then i set up Azure Data Factory service inside my Azure account

    3. I've publish U-SQL script in Azure Data Factory. Basically the script reads the BLOB storage (AVRO compressed files) and transform them into CSV file. I would like to accomplish this task on daily base, so i've tried to create a trigger for that. During the creatinon, i must assign the ADLA linked service, with "Service principal ID" and "Service principal key".

    Picture link: social.msdn.microsoft.com/Forums/getfile/1284907

    I've tried to go to the Azure Data Factory service inside my Azure account / control panel and get ApplicationId / ObjectId. I've got the key from the Keys section (i've created a new one).

    I am keep getting "Connection failed" error. Please see the details (i've removed accounts name and application services names).

    Connection failed
    [{"code":2710,"message":"Failed to connect to ADLA account '{My_ADLA_Account}' with error
    'The client '{MyClientId}' with object id '{MyObjectId}'
    does not have authorization to perform action 'Microsoft.Authorization/permissions/read' over scope
    '/subscriptions/{MySubscriptionId}/resourceGroups/{MyAnalyticsAccount}/providers/Microsoft.DataLakeAnalytics/accounts/{MyAccount}/providers/Microsoft.Authorization'. "}]

    The goal is to create a trigger, which will run an custom U-SQL script on daily base.

    Thank you for your kind help and answers.





    • Edited by NaceS Thursday, June 21, 2018 9:32 AM Text change.
    Thursday, June 21, 2018 9:25 AM

Answers

All replies

  • Please follow this doc and give right permission to your account. 
    • Marked as answer by NaceS Friday, June 22, 2018 7:05 AM
    • Edited by Fang Liu (ADMS) Friday, June 22, 2018 7:09 AM
    Thursday, June 21, 2018 3:18 PM
  • Hello!

    Thank you very much for your answer. As mentioned above, the steps to resolve the issue was:

    Create Service Principal Authentication

    The Azure Data Lake Analytics linked service requires a service principal authentication to connect to the Azure Data Lake Analytics service. To use service principal authentication, register an application entity in Azure Active Directory (Azure AD) and grant it the access to both the Data Lake Analytics and the Data Lake Store it uses. Make note of the following values, which you use to define the linked service:

    • Application ID
    • Application key
    • Tenant ID

    Useful links to read for resolving the issue (*'https' removed, because my account is currently not verified)

    You can get ApplicationId and Keys in Azure Active Directory section. Steps to create the key:

    1. From App registrations in Azure Active Directory, select your application.
    2. Copy the Application ID and store it in your application code.
    3. To generate an authentication key, select Settings.
    4. To generate an authentication key, select Keys.

    docs.microsoft.com/en-us/azure/data-factory/transform-data-using-data-lake-analytics#azure-data-lake-analytics-linked-service

    docs.microsoft.com/en-gb/azure/data-lake-store/data-lake-store-service-to-service-authenticate-using-active-directory

    docs.microsoft.com/en-gb/azure/azure-resource-manager/resource-group-create-service-principal-portal#get-application-id-and-authentication-key





    Friday, June 22, 2018 6:16 AM