Again, you have two issues here: 1. Making sure that your app has contributor role 2. Making sure that the identities you created with the quick start template have the right permissions   If you follow the instructions I gave you (create the proper app + run the script), it should work. ... View more

Hi Valerio,   First, regarding the app role, I think the quick start doc page is out of date (I reported this to our doc team). You do not need to create a custom role, as long as you create your credential app like this (replace subscriptionId with your ID): az ad sp create-for-rbac \ --name http://your-cloudbreak-app \ --role Contributor \ --scopes /subscriptions/{subscriptionId}     Secondly, did you run step 3 completely? Specifically, after the quick start, make sure to run this in an Azure bash shell post quickstart deployment (replace YOUR_SUBSCRIPTION_ID and YOUR_RG with the values used in quickstart): export SUBSCRIPTIONID="YOUR_SUBSCRIPTION_ID" export RESOURCEGROUPNAME="YOUR_RG" export STORAGEACCOUNTNAME=$(az storage account list -g $RESOURCEGROUPNAME|jq '.[]|.name'| tr -d '"') export ASSUMER_OBJECTID=$(az identity list -g $RESOURCEGROUPNAME|jq '.[]|{"name":.name,"principalId":.principalId}|select(.name | test("AssumerIdentity"))|.principalId'| tr -d '"') export DATAACCESS_OBJECTID=$(az identity list -g $RESOURCEGROUPNAME|jq '.[]|{"name":.name,"principalId":.principalId}|select(.name | test("DataAccessIdentity"))|.principalId'| tr -d '"') export LOGGER_OBJECTID=$(az identity list -g $RESOURCEGROUPNAME|jq '.[]|{"name":.name,"principalId":.principalId}|select(.name | test("LoggerIdentity"))|.principalId'| tr -d '"') export RANGER_OBJECTID=$(az identity list -g $RESOURCEGROUPNAME|jq '.[]|{"name":.name,"principalId":.principalId}|select(.name | test("RangerIdentity"))|.principalId'| tr -d '"') # Assign Managed Identity Operator role to the assumerIdentity principal at subscription scope az role assignment create --assignee $ASSUMER_OBJECTID --role 'f1a07417-d97a-45cb-824c-7a7467783830' --scope "/subscriptions/$SUBSCRIPTIONID" # Assign Virtual Machine Contributor role to the assumerIdentity principal at subscription scope az role assignment create --assignee $ASSUMER_OBJECTID --role '9980e02c-c2be-4d73-94e8-173b1dc7cf3c' --scope "/subscriptions/$SUBSCRIPTIONID" # Assign Storage Blob Data Contributor role to the loggerIdentity principal at logs filesystem scope az role assignment create --assignee $LOGGER_OBJECTID --role 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' --scope "/subscriptions/$SUBSCRIPTIONID/resourceGroups/$RESOURCEGROUPNAME/providers/Microsoft.Storage/storageAccounts/$STORAGEACCOUNTNAME/blobServices/default/containers/logs" # Assign Storage Blob Data Owner role to the dataAccessIdentity principal at logs/data filesystem scope az role assignment create --assignee $DATAACCESS_OBJECTID --role 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b' --scope "/subscriptions/$SUBSCRIPTIONID/resourceGroups/$RESOURCEGROUPNAME/providers/Microsoft.Storage/storageAccounts/$STORAGEACCOUNTNAME/blobServices/default/containers/data" az role assignment create --assignee $DATAACCESS_OBJECTID --role 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b' --scope "/subscriptions/$SUBSCRIPTIONID/resourceGroups/$RESOURCEGROUPNAME/providers/Microsoft.Storage/storageAccounts/$STORAGEACCOUNTNAME/blobServices/default/containers/logs" # Assign Storage Blob Data Contributor role to the rangerIdentity principal at data filesystem scope az role assignment create --assignee $RANGER_OBJECTID --role 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' --scope "/subscriptions/$SUBSCRIPTIONID/resourceGroups/$RESOURCEGROUPNAME/providers/Microsoft.Storage/storageAccounts/$STORAGEACCOUNTNAME/blobServices/default/containers/data" Let me know if that works out for you. ... View more

Absolutely, we have a partner team that can work with you.   More info here: https://www.cloudera.com/partners/cloudera-connect-partner-program.html ... View more

Hi Valerio,   There is some mapping to be done to enable your permissions. I think the best way for you to move forward would be to use the resources available to you: 1. Free training, e.g. https://www.cloudera.com/about/training/courses/cloudera-essentials-for-cdp.html  2. Tutorials, e.g. https://www.cloudera.com/tutorials/cdp-how-to-create-a-data-hub.html 3. If you are a Cloudera customer, I do recommend to reach out to your account team. We have CDP experts that can help you quickly rather than asynchronously. ... View more

Hi there,   Regarding your datahub failure, it may be due to the fact that your FQDN is too long. Could you try launching a cluster with a shorter name?   As for the environment not being deleted: what error are you facing when trying to delete it? ... View more

Hola Valerio,   Looking at Screenshot (34), it looks like you used the AssumerIdentity everywhere. Instead, you should use a combination of Logger/Ranger/Assumer/DataAccess identities, as detailed here: https://docs.cloudera.com/management-console/cloud/azure-quickstart/topics/mc-azure-quickstart-environment.html   Could you try with the proper identity combination and see if that helps? ... View more

Hi Valerio,   A few things to check: 1. If you go to the datalake tab in the UI: can you access the CM UI? The logs there should tell you more 2. This is most likely a bad combination of setup of your managed identity/storage account. Best way to know what's wrong is to send us screenshots of your managed identity/storage account setup in Azure portal + how you call them in the environment creation wizard in CDP. ... View more

Ha! Good catch! ... View more

Do me a favor and try this:   - open a terminal session (do not use !) - run the following commands: chmod a+r /home/cdsw/drivers/hive/HiveJDBC41.jar CLASSPATH=.:/home/cdsw/drivers/hive/HiveJDBC41.jar export CLASSPATH - close the session and try to run your python code  ... View more

Did you actually run the export in a terminal session, as follows? CLASSPATH=.:/home/cdsw/drivers/HiveJDBC41.jar export CLASSPATH     ... View more