How to restrict Folder and File level access in Datalake Gen2?

Question

How to restrict Folder and File level access in Datalake Gen2?

THIMMAIAH GARI,PRASHANTH,, 201

Hi,

I want to restrict Folder and file level access in Datalake Gen2. Please help me with step by step process to implement this.

PRADEEPCHEEKATLA 90,596 Reputation points

2020-08-19T06:13:24.907+00:00

Hello @THIMMAIAH GARI,PRASHANTH,, ,

Just checking in to see if the below answer helped. If this answers your query, do click “Accept Answer” and Up-Vote for the same. And, if you have any further query do let us know.
PRADEEPCHEEKATLA 90,596 Reputation points

2020-08-20T09:12:20.127+00:00

Hello @THIMMAIAH GARI,PRASHANTH,, ,

Following up to see if the below suggestion was helpful. If this answers your query, do click “Accept Answer” and Up-Vote for the same.
grajee 371 Reputation points

2021-06-03T03:41:25.97+00:00

Pradeep,

I'm working on restricting users from accessing certain folders. The explanation given is incomplete.

At the container level, if I grant RBAC role (say Blob Reader) , that permission will get inherited all the way through to the folders/files.

Now at the ACLs, there is no Deny Rights that I can assign to certain folders/file for a Group. So, how should I be restricting access to folders while using RBACs?

Thanks,
grajee

2 answers

Your answer

PRADEEPCHEEKATLA 90,596 Reputation points

2020-08-19T06:13:24.907+00:00

Hello @THIMMAIAH GARI,PRASHANTH,, ,

Just checking in to see if the below answer helped. If this answers your query, do click “Accept Answer” and Up-Vote for the same. And, if you have any further query do let us know.
PRADEEPCHEEKATLA 90,596 Reputation points

2020-08-20T09:12:20.127+00:00

Hello @THIMMAIAH GARI,PRASHANTH,, ,

Following up to see if the below suggestion was helpful. If this answers your query, do click “Accept Answer” and Up-Vote for the same.
grajee 371 Reputation points

2021-06-03T03:41:25.97+00:00

Pradeep,

I'm working on restricting users from accessing certain folders. The explanation given is incomplete.

At the container level, if I grant RBAC role (say Blob Reader) , that permission will get inherited all the way through to the folders/files.

Now at the ACLs, there is no Deny Rights that I can assign to certain folders/file for a Group. So, how should I be restricting access to folders while using RBACs?

Thanks,
grajee

Answer 1

Hello @THIMMAIAH GARI,PRASHANTH,, ,

Welcome to the Microsoft Q&A platform.

Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs). This article summarizes the basics of the access control model for Data Lake Storage Gen2.

ACLs are applied on the file and folder level. The key thing to remember is that you are always going to need RBAC Control Plane permissions in combination with ACLs. Best practice is to assign your security principals RBAC Reader role on the Storage Account/Container level and continue with more restrictive ACLs on the file and folder level.

There are two types of ACLs:

Access ACLs: They control access to an object. An object can be a file or a folder.
Default ACLs: These are ACLs assigned on the folder level only which get inherited as Access ACLs by the child file or folder.

Hope this helps. Do let us know if you any further queries.

----------------------------------------------------------------------------------------

Do click on "Accept Answer" and Upvote on the post that helps you, this can be beneficial to other community members.

Answer 2

Vaibhav Chaudhari 38,901

You can use Azure storage explorer tool and grant access on folder/files as required. Below document has step by step instructions - Manage permissions - data-lake-storage-explorer

=========================================================

Please don't forget to "Accept Answer" and upvote if the response helped -- Vaibhav

Share via

How to restrict Folder and File level access in Datalake Gen2?

2 answers

Your answer