Azure Data Lake Storage Gen2 - File Access
Embedded Files
The table below illustrates a breakdown of certain operations (such as read, append, delete, create, and list) with corresponding ACL (Access Control List) entries across different directory and file levels ("/Oregon/Portland/Data.txt"):Â
The table below illustrates a breakdown of certain operations (such as read, append, delete, create, and list) with corresponding ACL (Access Control List) entries across different directory and file levels ("/Oregon/Portland/Data.txt"):Â
Legend for ACL Entries:
Legend for ACL Entries:
"R--": Read permission
"RW-": Read and Write permissions
"-WX": Write and Execute permissions
"--X": Execute permission
"---": No permission
"R-X": Read and Execute permissions
Key Takeaways from the Table:
To read "Data.txt," read permission on the file and execute permission through all parent directories are required.
To append to "Data.txt," both read and write permissions are needed on the file with execute permission through all parent directories.
Deleting and creating "Data.txt" require write and execute permissions on the "Portland/" directory.
Listing directories require read and execute permissions on the target directory and execute permissions on all parent directories.
RBAC (Role-Based Access Control):
RBAC (Role-Based Access Control):
Storage Blob Data Reader grants "R-X" (Read permissions)
Storage Blob Data Contributor grants "RWX" (Read, Write, and eXecute/Delete permissions)
Storage Blob Data Owner grants "RWX" (Read, Write, and eXecute/Delete permissions)
source:
https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control
https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control-model
Page updated
Google Sites
Report abuse