Share via

Strange error when running Synapse Notebook

Jona 885 Reputation points
2025-07-30T03:28:03.2166667+00:00

Hi,

When developing and runnin in debug mode a notebook, I have no error. This is the code:

User's image

But when orchestrating the notebook inside a Notebook activity and running in a pipeline, This error appears:

User's image

User's image

Can you give me a hand?

regards

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
0 comments
Accepted answer
  1. Smaran Thoomu 28,225 Reputation points Microsoft External Staff Moderator
    2025-07-30T07:28:53.54+00:00

    Hi Jona

    Thanks for sharing the details - this really helps pinpoint the issue.

    From the error message when running the notebook through the pipeline Notebook activity, it looks like you're hitting a permissions issue on the Blob Storage container:

    StatusCode=403, ErrorCode=AuthorizationPermissionMismatch
This request is not authorized to perform this operation using this permission

    This usually means that the identity executing the pipeline doesn't have sufficient permissions on the storage account, even though it works fine in debug mode.

    Why it works in Debug Mode:

    In debug mode, the notebook likely runs under your user identity or workspace managed identity, which already has access to the storage container via RBAC or Access Key.

    Why it fails in Pipeline:

    When orchestrated in a pipeline Notebook activity, the execution runs under the Synapse workspace managed identity, not your personal identity. This managed identity needs explicit permission to access the storage account.

    How to Fix It

    1. Go to the storage account (where the blob container lives).
    2. Assign the Synapse workspace managed identity (you can find it under Synapse Studio > Manage > Managed identities) one of the following roles at the Storage account or container level:
      • Storage Blob Data Contributor - (for read/write access)
      • Storage Blob Data Reader - (if only reading)
    3. You can do this via the Access Control (IAM) blade in the storage account.

    User's image

    Also check:

    Make sure you're using the correct URI prefix:

    • If you're using abfss:// (ADLS Gen2), it requires RBAC.
    • If you're using wasbs:// (Blob URI with access key or SAS), ensure key access is allowed.

    Let me know once you've applied the role, and feel free to re-trigger the pipeline. It should resolve the AuthorizationPermissionMismatch error.

    I hope this information helps. Please do let us know if you have any further queries.

    Kindly consider upvoting the comment if the information provided is helpful. This can assist other community members in resolving similar issues.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.