Quickstart: Share and receive Azure Storage data in-place with Microsoft Purview Data Sharing (preview)

  • Article

Important

This feature is currently in preview. The Supplemental Terms of Use for Microsoft Azure Previews include additional legal terms that apply to Azure features that are in beta, in preview, or otherwise not yet released into general availability.

This article provides a quick guide on how to share data and receive shares from Azure Data Lake Storage (ADLS Gen2) or Blob storage accounts.

Prerequisites

Microsoft Purview prerequisites

  • A Microsoft Purview account. You can also use two Microsoft Purview accounts, one for data provider and one for data consumer to test both scenarios.
  • Your recipient's Azure sign-in email address that you can use to send the invitation to. The recipient's email alias won't work.

Azure Storage account prerequisites

  • Your Azure subscription must be registered for the AllowDataSharing preview feature. Follow the below steps using Azure portal or PowerShell.

    1. In Azure portal, select your Azure subscription that you'll use to create the source and target storage account.
    2. From the left menu, select Preview features under Settings.
    3. Select AllowDataSharing and Register.
    4. Refresh the Preview features screen to verify the State is Registered. It could take 15 minutes to 1 hour for registration to complete.
    5. In addition, to use data share for storage accounts in East US, East US2, North Europe, South central US, West Central US, West Europe, West US, West US2, West US3: Select AllowDataSharingInHeroRegion and Register

    For more information, see Register preview feature.

    The RegistrationState should be Registered. It could take 15 minutes to 1 hour for registration to complete. For more information, see Register preview feature.

    Note

    The following are supported storage account configurations:

    • Azure regions: Canada Central, Canada East, UK South, UK West, Australia East, Japan East, Korea South, and South Africa North
    • Additional Azure Regions: East US, East US2, North Europe, Southcentral US, West Central US, West Europe, West US, West US2, West US3
    • Performance: Standard
    • Redundancy options: LRS

  • Source and target storage accounts created after the registration step is completed. Both storage accounts must be in the same Azure region as each other. Both storage accounts need to be ADLS Gen2 or Blob Storage accounts. Your storage accounts can be in a different Azure region from your Microsoft Purview account.

  • Latest version of the storage SDK, PowerShell, CLI and Azure Storage Explorer. Storage REST API version must be February 2020 or later.

  • The storage accounts need to be registered in the collections where you'll send or receive the share. If you're using one Microsoft Purview account, this can be two different collections, or the same collection. For instructions to register, see the ADLS Gen2 or Blob storage data source pages.

  • If the source or target storage accounts are in a different Azure subscription than the one for Microsoft Purview account, the Microsoft.Purview resource provider is automatically registered in the Azure subscription where the data store is located at the time of share provider adding an asset or share consumer mapping an asset and ONLY if the user has permission to do the /register/action operation for the resource provider. The permission is included in the Contributor and Owner roles.

    Note

    This registration is only needed the first time when sharing or receiving data into a storage account in the Azure subscription.

Required roles

Here are required roles for sharing data and receiving shares.

Azure Storage account roles Microsoft Purview collection roles
Data provider One of the following roles:
  • Owner
  • Storage Blob Data Owner
 Data Reader
Data consumer One of the following roles:
  • Contributor
  • Owner
  • Storage Blob Data Contributor
  • Storage Blob Data Owner
 Data Reader

Note

If you created the Microsoft Purview account, you're automatically assigned all the roles to the root collection. Refer to Microsoft Purview permissions to learn more about the Microsoft Purview collection and roles.

Create a share

There are two ways you can create a data share:

Create share from asset

  1. You can create a share by starting from Data Catalog

    Within the classic Microsoft Purview governance portal or the new Microsoft Purview portal, find the Azure Storage or Azure Data Lake Storage (ADLS) Gen 2 data asset you would like to share data from using either the data catalog search or browse.

    Screenshot that shows the Microsoft Purview governance portal homepage with the search and browse options highlighted.

  2. Once you have found your data asset, select the Data Share button.

    Screenshot of a data asset in the Microsoft Purview governance portal with the Data Share button highlighted.

  3. Select +New Share.

    Screenshot of the Data Share management window with the New Share button highlighted.

  4. Follow the rest of the steps to create your data share.

Create share from application

  1. If you're using the new Microsoft Purview experience You can create a share by starting from the Data Catalog.

    Open the Microsoft Purview portal. Navigate to the Data Catalog application. Then select Shares from the left navigation. Select +New Share.

  2. If you're using the classing Microsoft Purview experience You can create a share by starting from the Data Map.

    Open the Microsoft Purview governance portal. Select the Data Map icon from the left navigation. Then select Shares. Select +New Share.

    Screenshot that shows the Microsoft Purview governance portal Data Map with Data Map, Shares and New Share highlighted.

  3. From either location, select the Storage account type and the Storage account you want to share data from. Then select Continue.

    Screenshot that shows the New Share creation step with Type and Storage account options highlighted.

  4. Follow the rest of the steps to create your data share.

Create share

  1. Specify a name and a description of share contents (optional). Then select Continue.

    Screenshot showing create share and enter details window, with the Continue button highlighted.

  2. Search for and add all the assets you'd like to share out at the container, folder, or file level, and then select Continue.

    Screenshot showing the add assets window, with a file and a folder selected to share.

  3. You can edit the display names the shared data will have, if you like. Then select Continue.

    Screenshot showing the second add assets window with the display names unchanged.

  4. Select Add Recipient and select User or App.

    To share data to a user, select User, then enter the Azure sign-in email address of who you want to share data with. By default, the option to enter email address of user is shown.

    Screenshot showing the add recipients page, with the add recipient button highlighted, default user email option shown.

    To to share data with a service principal, select App. Enter the object ID and tenant ID of the recipient you want to share data with.

    Screenshot showing the add app recipients page, with the add app option and required fields highlighted.

  5. Select Create and Share. Optionally, you can specify an Expiration date for when to terminate the share. You can share the same data with multiple recipients by selecting Add Recipient multiple times.

You've now created your share. The recipients of your share will receive an invitation and they can view the pending share in their Microsoft Purview account.

Receive share

  1. You can view your share invitations in any Microsoft Purview account. Open the Microsoft Purview governance portal by browsing directly to the classic portal or the new Microsoft Purview portal and selecting your Microsoft Purview account.

  2. In the classic portal, select the Data Map icon from the left navigation. In the new portal, navigate to the Data Catalog application.

  3. Select Share invites. If you received an email invitation, you can also select the View share invite link in the email to select a Microsoft Purview account.

    If you're a guest user of a tenant, you'll be asked to verify your email address for the tenant before viewing share invitation for the first time. You can see our guide for steps. Once verified, it's valid for 12 months.

    Screenshot showing the Share invites page in the Microsoft Purview governance portal.

  4. Alternately, within the Microsoft Purview portal, find the Azure Storage or Azure Data Lake Storage (ADLS) Gen 2 data asset you would like to receive the share into using either the data catalog search or browse. Select the Data Share button. You can see all the invitations in the Share invites tab.

  5. Select name of the share to view or configure.

  6. If you don't want to accept the invitation, select Delete.

    Screenshot showing the share attachment page with the delete button highlighted.

    Note

    If you delete an invitation, if you want to accept the share in future it will need to be resent. To deselect the share without deleting select the Cancel button instead.

  7. You can edit the Received share name if you like. Then select a Storage account name for a target storage account in the same region as the source. You can choose to Register a new storage account to attach the share in the drop-down as well.

    Important

    The target storage account needs to be in the same Azure region as the source storage account.

  8. Configure the Path (either a new container name, or the name of an existing share container) and, New folder (a new folder name for the share within in your container).

  9. Select Attach to target.

    Screenshot showing share invitation configuration page, with a share name added, a collection selected, and the accept and configure button highlighted.

  10. On the Manage data shares page, you'll see the new share with the status of Attaching until it has completed and is attached.

    Screenshot showing the attach share window, with the Attach button highlighted after you specify a target data store to receive or access shared data.

  11. You can access shared data from the target storage account through Azure portal, Azure Storage Explorer, Azure Storage SDK, PowerShell or CLI. You can also analyze the shared data by connecting your storage account to Azure Synapse Analytics Spark or Databricks.

Clean up resources

To clean up the resources created for the quick start, follow the steps below:

  1. Within Microsoft Purview portal, delete the sent share.
  2. Also delete your received share.
  3. Once the shares are successfully deleted, delete the target container and folder Microsoft Purview created in your target storage account when you received shared data.

Troubleshoot

To troubleshoot issues with sharing data, refer to the troubleshooting section of the how to share data article. To troubleshoot issues with receiving share, refer to the troubleshooting section of the how to receive shared data article.

Next steps