How can we create a custom role in Data Lake Store Gen 2 so that a user with access to Azure Storage can view folders and containers but not read file data?

manish verma 216 Reputation points

Hi all,

In Data Lake Gen2, we have one requirement: we need to create a custom role and add a user to this role.

The user should be able to view folders, but not be able to read data.

How can we create a custom role to meet this requirement?


1 answer

  1. PRADEEPCHEEKATLA-MSFT 59,341 Reputation points Microsoft Employee

    @manishverma-7371 Welcome to the Microsoft Q&A platform.

    Reader role – Lets you view everything, but not make any changes.

    The Reader role is an Azure Resource Manager role that permits users to view storage account resources, but not modify them. It does not provide read permissions to data in Azure Storage, but only to account management resources.

    Only roles explicitly defined for data access permit a security principal to access blob or queue data. Roles such as Owner, Contributor, and Storage Account Contributor permit a security principal to manage a storage account, but do not provide access to the blob or queue data within that account.

    Access to blob or queue data in the Azure portal can be authorized using either your Azure AD account or the storage account access key. For more information, see Use the Azure portal to access blob or queue data.

    To understand more in detail, you may go to Storage Account => Access Control (IAM) => Roles => Click on (…) => Permissions

    Check out the permissions for Reader:


    Hope this helps. Do let us know if you have any further queries.

    Do click on "Accept Answer" and Upvote on the post that helps you, this can be beneficial to other community members.
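The split the answer describes between account management permissions and data permissions can be checked against a role's permission block. The sketch below is an added example, not part of the answer or Microsoft's code; it assumes the abridged permission blocks of the built-in Reader and Storage Blob Data Reader roles, and the `allows` helper is a hypothetical simplification of how one role assignment is evaluated.

```python
from fnmatch import fnmatchcase

# Permission blocks as shown under Access Control (IAM) => Roles => Permissions.
# Abridged to the fields used here (assumption: current built-in definitions).
READER = {
    "Actions": ["*/read"], "NotActions": [],
    "DataActions": [], "NotDataActions": [],
}
BLOB_DATA_READER = {
    "Actions": ["Microsoft.Storage/storageAccounts/blobServices/containers/read"],
    "NotActions": [],
    "DataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
    ],
    "NotDataActions": [],
}

# Management operation: see that a container exists and read its properties.
CONTAINER_READ = "Microsoft.Storage/storageAccounts/blobServices/containers/read"
# Data operation: read the content of a blob (a file in Data Lake Gen2).
BLOB_READ = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"


def _matches(operation, patterns):
    """Case-insensitive wildcard match of one operation against a pattern list."""
    op = operation.lower()
    return any(fnmatchcase(op, p.lower()) for p in patterns)


def allows(role, operation, data_plane):
    """Hypothetical helper: does this single role permit the operation?

    Management operations are checked only against Actions/NotActions and
    data operations only against DataActions/NotDataActions, so a broad
    "*/read" in Actions never grants access to blob content.
    """
    allow_key, deny_key = (
        ("DataActions", "NotDataActions") if data_plane
        else ("Actions", "NotActions")
    )
    return (_matches(operation, role.get(allow_key, []))
            and not _matches(operation, role.get(deny_key, [])))


if __name__ == "__main__":
    for name, role in (("Reader", READER),
                       ("Storage Blob Data Reader", BLOB_DATA_READER)):
        print(name,
              "| view container:", allows(role, CONTAINER_READ, False),
              "| read blob data:", allows(role, BLOB_READ, True))
```

The same check can be run on a custom role definition before assigning it, to confirm that its `DataActions` list does not grant blob reads.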