Configure anonymously accessible Azure Data Lake Gen 2

Jean-Luc Montreuil 1 Reputation point
2022-02-04T19:35:16.047+00:00

My requirement is to create a Data Lake that is publicly accessible from the internet, in the context of proactive data disclosure.

I create an Storage Account and uploaded a file.

The URL to the file's blob is publicly accessible from a browser, e.g.:

https://<storageaccount>.blob.core.windows.net/<container>/<file>  

However, the DFS url to the same file, e.g:

https://<storageaccount>.dfs.core.windows.net/<container>/<file>  

Returns an error:

{"error":{"code":"AuthenticationFailed","message":"Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\nRequestId:...\nTime:..."}}  

Ultimately, I would like anyone outside the organization to create Power BI reports connecting to this data lake, following the steps here: https://learn.microsoft.com/en-us/power-query/connectors/datalakestorage

The article prerequisite is:

You are granted one of the following roles for the storage account: Blob Data Reader, Blob Data Contributor, or Blob Data Owner.

Is there a way to grant "Blob Data Reader" to "everyone"/anonymous users?

Azure Data Lake Storage
Azure Data Lake Storage
An Azure service that provides an enterprise-wide hyper-scale repository for big data analytic workloads and is integrated with Azure Blob Storage.
1,393 questions
{count} votes

1 answer

Sort by: Most helpful
  1. MartinJaffer-MSFT 26,046 Reputation points
    2022-02-07T18:36:42.94+00:00

    Hello @Jean-Luc Montreuil and welcome to Microsoft Q&A.

    As I understand the ask, you want to make some blobs publicly accessible.

    Depending upon how far you want to go, you could set the entire container to be publicly accessible. You can do this by going to the container listing, and after selecting one or more containers, clicking "Change Access Level". See picture.

    172042-image.png

    Specifies whether data in the container may be accessed publicly. By default, container data is private to the account owner. Use 'Blob' to allow public read access for blobs. Use 'Container' to allow public read and list access to the entire container.

    The difference between these modes, is whether you will allow someone to "navigate" or "browse" (container mode). When set to 'Blob' mode, the user must know the exact url.

    This would be the easiest way, however if there are some items in the container you want to keep private, additional action must be taken.

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    0 comments No comments