Hello @Porsche Me, I apologize for the delay in my response. It took me some time to set up a repro and test this scenario out; I wanted to be clear on the setup and hence spent some time testing this.
Let me share the answers to the points you listed above:
- The app1, a multi-tenant app, was created using the Azure portal in our tenant.
Ans: Understood this and took this point into account while setting up the repro.
- Other tenants will consent to our app and grant permission to read the Azure Data Lake instance present in their tenant.
Ans: This is totally possible using a multi-tenant app as you mentioned. They need to add the service principal object of this app that gets registered in their tenant to their Azure Data Lake's RBAC and also to the file ACLs.
- A service (Azure Data Factory pipeline) in our tenant will use the app1 service principal to read data in other tenants' Azure Data Lake instance.
Ans: Yes, a service (Azure Data Factory pipeline) in our tenant will use the app1 service principal (SP) to read data in the other tenant's Azure Data Lake instance (ADLS) once the necessary permissions are provided for the app1 SP to ADLS.
Hope this helps.
Do let us know if this helps, and if there are any more queries around this, please let us know so that we can help you further. Also, please do not forget to accept the response as an Answer if the above response helped in answering your query.
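The cross-tenant read described in the answer above depends on app1 requesting its token from the other tenant's authority rather than from its home tenant. The following is an added example, not part of the original answer or any Microsoft sample: it builds that client-credentials request and checks the returned token's claims. It assumes ADLS Gen2 (Azure Storage token scope); the function names and all IDs are hypothetical or constructed.

```python
import base64, json, urllib.parse, urllib.request

# Assumption: ADLS Gen2, whose tokens are issued for the Azure Storage resource.
STORAGE_SCOPE = "https://storage.azure.com/.default"

def build_token_request(customer_tenant_id, app1_client_id, app1_secret):
    """Client-credentials request addressed to the CUSTOMER tenant's authority."""
    url = f"https://login.microsoftonline.com/{customer_tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": app1_client_id,      # same app ID in every tenant
        "client_secret": app1_secret,     # credential held only in the home tenant
        "scope": STORAGE_SCOPE,
    }).encode()
    return urllib.request.Request(url, data=body, method="POST")

def fetch_token(req):
    """Send the request (needs network access and real credentials)."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]

def token_claims(jwt):
    """Decode the JWT payload for inspection only; the signature is not verified."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(jwt, customer_tenant_id, app1_client_id):
    """Return the names of claims that do not match; an empty list means OK."""
    c = token_claims(jwt)
    problems = []
    if c.get("tid") != customer_tenant_id:            # issuing tenant
        problems.append("tid")
    if c.get("appid", c.get("azp")) != app1_client_id:  # v1 / v2 token claim
        problems.append("appid")
    if str(c.get("aud", "")).rstrip("/") != "https://storage.azure.com":
        problems.append("aud")
    return problems

if __name__ == "__main__":
    # Constructed placeholder IDs; replace with real values before calling fetch_token.
    req = build_token_request("CUSTOMER-TENANT-ID", "APP1-CLIENT-ID", "APP1-SECRET")
    print(req.get_method(), req.full_url)
```

If the consent step has not happened in the other tenant, no service principal for app1 exists there and the token request fails; if the token is issued but the RBAC and ACL entries are missing, the data read is what fails.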