Bulk load from selected virtual networks blob storage to Azure SQL Server

I posted before about how to bulk load JSON or CSV file from Blob storage to Azure SQL Database, for that case the storage account was public, that means the storage account was enabled from all networks, you can check or change that setting from Storage Account then Networking, like the following screenshot.

In some scenarios we need to disable public access to the storage account, that means only selected virtual networks and IP addresses have access to the storage account, so if like here we try to get access to the storage account from SQL Server we got access denied error message!

Cannot bulk load because the file "folder/sample.json" could not be opened. Operating system error code 5(Access is denied.).

How can we fix the issue?

We need to take a few steps first.
1- Make sure you tick “Allow Azure services on the trusted services list to access this storage account.” You can see this option from Networking in Storage account.

2- From Access Control (IAM) give “Storage Blob Data Contributor” access to the database, for doing that select “Add role assignment” like the following screenshot.

Then choose “Storage Blob Data Contributor” from the list and in the next page choose “Managed identity” then add database server and click on assign!

Do not forget if you can’t see the server in the list then you need to use Power Shell comment. I explained here before.

Then like I explained here you need to “Create the Master Key” and so on. The SQL Server will have access to the file.