ADLS Gen 2 with Power BI

Anusha S Raj 21 Reputation points
2022-05-24T18:13:19.737+00:00

I own a shared storage account. An end user is trying to access a delta table present in ADLS from Power BI, but is facing a few issues.
I see there are only two possible ways to connect to ADLS Gen2 from PBI.
1. One is Access Keys. But I do not want to share them with any other members, as this can provide them access to our entire storage.
2. The other is Organizational Account, in which the user ID that they are using to log in should also have read access to the entire storage.

Please correct me if I am wrong. In both cases, they will receive read access to the entire storage account, which is not at all feasible. Also, is there any other way I can just provide the end user read access to that one table, so that they are only able to connect to this table from PBI?

I was also exploring the Azure Databricks connector that is available to see if I can access the delta tables present in ADLS. But it seems that also has a limitation. I am getting the error below.

DataSource.Error: ODBC: ERROR [HY000] [Microsoft][Hardy] (35) Error from server: error code: '0' error message: 'Error getting columns: Invalid configuration value detected for fs.azure.account.key'.


1 answer

  1. KranthiPakala-MSFT 46,642 Reputation points Microsoft Employee Moderator
    2022-05-26T22:46:56.257+00:00

    Hello @Anusha S Raj ,

    Welcome to the Microsoft Q&A platform and thanks for posting your query.

    Have you had a chance to look at this article: Azure Databricks - Access Azure Data Lake Storage Gen2 using OAuth 2.0 with an Azure service principal?
    The above article explains how to connect to ADLS Gen2 from Azure Databricks using a service principal. When you use service principal authentication, you can associate that security principal with an access level for files and directories. Each association is captured as an entry in an access control list (ACL). Each file and directory in your storage account has an access control list. When a security principal attempts an operation on a file or directory, an ACL check determines whether that security principal (user, group, service principal, or managed identity) has the correct permission level to perform the operation.

    I would recommend looking at this document, which has detailed info about ACLs in ADLS Gen2 and helps avoid other authorization mechanisms like Shared Keys, SAS or RBACs.

    1. Access control model in Azure Data Lake Storage Gen2
    2. Access control lists (ACLs) in Azure Data Lake Storage Gen2
    1 person found this answer helpful.
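
The ACL model this answer describes, sketched for the question's single-table case as an added example (not code from the original thread or from Microsoft): it plans the entries that give one principal read access to one table directory, then models the ACL check to show that sibling tables stay unreadable. The object ID and paths are constructed, and the model covers only named-user entries; it ignores the mask, owner/group/other entries, and Azure role assignments, which are evaluated before ACLs.

```python
# Added example: models only named-user ACL entries on constructed paths.
from posixpath import dirname

ANALYST = "11111111-2222-3333-4444-555555555555"  # constructed object ID

def ancestors(path):
    """Yield every parent directory of path, ending at the container root."""
    while path != "/":
        path = dirname(path)
        yield path

def plan_acls(table_dir, oid, existing_children=()):
    """Return {path: ACL entries} that grant oid read on one table only."""
    acls = {d: {f"user:{oid}:--x"} for d in ancestors(table_dir)}  # traverse only
    # r-x on the table; the default entry is inherited by items created later
    acls[table_dir] = {f"user:{oid}:r-x", f"default:user:{oid}:r-x"}
    for child in existing_children:  # default ACLs do not reach existing items
        acls[child] = {f"user:{oid}:r-x"}
    return acls

def perms(acls, path, oid):
    """Permission bits of oid's access entry on path, '---' if none."""
    prefix = f"user:{oid}:"
    for entry in acls.get(path, ()):
        if entry.startswith(prefix):  # "default:user:..." entries do not match
            return entry[len(prefix):]
    return "---"

def can_read(acls, path, oid):
    """Reading a file needs x on every ancestor directory and r on the file."""
    return all("x" in perms(acls, d, oid) for d in ancestors(path)) \
        and "r" in perms(acls, path, oid)

def can_list(acls, directory, oid):
    """Listing a directory needs r and x on it, plus x on every ancestor."""
    return can_read(acls, directory, oid) and "x" in perms(acls, directory, oid)

if __name__ == "__main__":
    table = "/sales/orders_delta"
    acls = plan_acls(table, ANALYST, [f"{table}/_delta_log",
                                      f"{table}/_delta_log/0.json",
                                      f"{table}/part-0000.parquet"])
    for path, entries in sorted(acls.items()):
        print(path, sorted(entries))
    print(can_read(acls, f"{table}/part-0000.parquet", ANALYST))        # table file
    print(can_read(acls, "/sales/customers_delta/part-0.parquet", ANALYST))  # sibling
```

The planned entries use the same short form (`user:<object-id>:r-x`) that ADLS Gen2 ACL tooling accepts, so the plan can be reviewed before it is applied to the real directories.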
