Quickstart: Share and receive Azure Storage data in-place with Microsoft Purview Data Sharing (preview)

Important

This feature is currently in preview. The Supplemental Terms of Use for Microsoft Azure Previews include additional legal terms that apply to Azure features that are in beta, in preview, or otherwise not yet released into general availability.

This article provides a quick guide on how to share data and receive shares from Azure Data Lake Storage (ADLS Gen2) or Blob storage accounts.

For an overview of how data sharing works, watch this short demo.

Prerequisites

Microsoft Purview prerequisites

  • A Microsoft Purview account. You can also use two Microsoft Purview accounts, one for data provider and one for data consumer to test both workflows.
  • Your recipient's Azure sign-in email address that you can use to send the invitation to. The recipient's email alias won't work.

Azure Storage account prerequisites

  • Your Azure subscription must be registered for the AllowDataSharing preview feature. Follow the below steps using Azure portal or PowerShell.

    1. In Azure portal, select your Azure subscription that you'll use to create the source and target storage account.
    2. From the left menu, select Preview features under Settings.
    3. Select AllowDataSharing and Register.
    4. Refresh the Preview features screen to verify the State is Registered. It could take 15 minutes to 1 hour for registration to complete.

    For more information, see Register preview feature.

  • Source and target storage accounts created after the registration step is completed. Both storage accounts must be in the same Azure region as each other. Both storage accounts need to be ADLS Gen2 or Blob Storage accounts. Your storage accounts can be in a different Azure region from your Microsoft Purview account.

    Note

    The following are supported storage account configurations:

    • Azure regions: Canada Central, Canada East, UK South, UK West, Australia East, Japan East, Korea South, and South Africa North
    • Performance: Standard
    • Redundancy options: LRS, GRS, RA-GRS
  • Latest version of the storage SDK, PowerShell, CLI and Azure Storage Explorer. Storage REST API version must be February 2020 or later.

  • The storage accounts need to be registered in the collections where you'll send or receive the share. If you're using one Microsoft Purview account, this can be two different collections, or the same collection. For instructions to register, see the ADLS Gen2 or Blob storage data source pages.

  • If the source or target storage accounts are in a different Azure subscription than the one for Microsoft Purview account, the Microsoft.Purview resource provider is automatically registered in the Azure subscription where the data store is located at the time of share provider adding an asset or share consumer mapping an asset and ONLY if the user has permission to do the /register/action operation for the resource provider. The permission is included in the Contributor and Owner roles.

    Note

    This registration is only needed the first time when sharing or receiving data into a storage account in the Azure subscription.

Required roles

Below are required roles for sharing data and receiving shares.

Azure Storage Account Roles Microsoft Purview Collection Roles
Data Provider Owner OR Storage Blob Data Owner Data Share Contributor
Data Consumer Contributor OR Owner OR Storage Blob Data Contributor OR Storage Blob Data Owner Data Share Contributor

Note

If you created the Microsoft Purview account, you're automatically assigned all the roles to the root collection. Refer to Microsoft Purview permissions to learn more about the Microsoft Purview collection and roles.

Create a share

  1. Within the Microsoft Purview governance portal, select the Data share icon from the left navigation, and then Create a new share.

    Screenshot showing the data share overview page in the Microsoft Purview governance portal.

  2. Provide the details for your share. Specify a name, share type, description of share contents (optional), and collection. Then select Continue.

    If you don't see a collection from the drop-down list, it means you don't have Data Share Contributor role access to any Microsoft Purview collection to share data. Contact your Collection Admin to grant you access.

    Screenshot showing create share and enter details window, with the Continue button highlighted.

  3. To select data to share, select Add Assets.

    Screenshot showing the add assets button highlighted in the new share window.

  4. Select an asset type and a storage account that has already been registered with Microsoft Purview. Select Continue.

    If you don't see a storage account from the drop-down list, select on the Register a new source to share from link below to register your storage account. Azure resource needs to be registered with Microsoft Purview before you can share data from that resource. Your storage account needs to be registered in the same collection as the share. For instructions to register, see the ADLS Gen2 or Blob storage data source pages.

    Screenshot showing select source, with an A D L S gen 2 account selected and Continue highlighted.

  5. Browse your storage account hierarchy and select (check) the objects you want to share. Then select Add.

    Note

    When sharing from a storage account, only files and folders are currently supported. Sharing from container isn't currently supported.

    Screenshot showing the add assets page, with several folders selected to share and the add button highlighted.

  6. Review the assets selected. Optionally, edit Name and Display name which the recipient will see. Select Continue.

    Screenshot showing the add assets second page, with the asset paths listed and the display name bars available to edit.

  7. Select Add Recipient. Enter the Azure login email address of who you want to share data with. Select Create and Share. Optionally, you can specify an expiration date for when to terminate the share. You can share the same data with multiple recipients by clicking on Add Recipient multiple times.

    Note

    In Microsoft Purview governance portal, you can only use user's Azure login email address as recipient. In Microsoft Purview SDK or API, you can use object ID of the user or service principal as a recipient, and you can also optionally specify a target tenant ID (i.e. the Azure tenant recipient can receive the share into).

    Screenshot showing the add recipients page, with the add recipient button highlighted, two users added.

You've now created your share. The recipients of your share will receive an invitation and they can view the pending share in their Microsoft Purview account.

Receive share

  1. You can view your pending shares in any Microsoft Purview account. In the Azure portal, search for and select the Microsoft Purview account you want to use to receive the share.

  2. Open the Microsoft Purview governance portal. Select the Data Share icon from the left navigation. Then select pending received share. If you received an email invitation, you can also select the View pending share link in the email to select a Microsoft Purview account.

    If you're a guest user of a tenant, you'll be asked to verify your email address for the tenant before viewing pending received share for the first time. Once verified, it's valid for 12 months.

    Screenshot showing pending received share button in the Microsoft Purview governance portal.

  3. Select name of the pending share you want to view.

    Screenshot showing the received shares window under the pending tab, with a pending share highlighted to select it.

  4. Specify a Received share name and a collection. Select Accept and configure. If you don't want to accept the invitation, select Reject.

    Screenshot showing pending share configuration page, with a share name added, a collection selected, and the accept and configure button highlighted.

  5. Continue to map asset. Select Map next to the asset to specify a target data store to receive or access shared data.

    Screenshot showing the map asset window, with the map button highlighted next to the asset to specify a target data store to receive or access shared data.

  6. For in-place sharing, target type and locations are determined by the data provider's source type and location. Select a storage account with the same type and location as the source.

    If you don't see a storage account from the drop-down list, select the Register a new data store to map assets link below to register your storage account. Azure resource needs to be registered with Microsoft Purview before you can receive data into that resource. Your storage account needs to be registered in the same collection as the received share.

    Enter additional information required to map asset. Select Map to target.

    Note

    The container where shared data is mapped to is read-only. You cannot write to the container. You can map multiple shares into the same container.

    Screenshot showing the map assets window with a storage account, path, and folder added, and the map to target button highlighted at the bottom of the page.

  7. The screen will show Mapping in progress. Asset mapping can take a few minutes. Select Close.

    You can select "Close" after you've configured the asset mapping. You don't need to wait for the mapping to complete.

    Screenshot showing the map assets window with a mapping in progress and the close button highlighted at the bottom of the window.

  8. Select Assets tab to monitor mapping status. Once mapping is completed, you'll get a notification in the screen. The status will change from Mapping to Mapped.

    Screenshot showing received shares in the Microsoft Purview governance portal, with the share selected, the Assets menu opened, and the status showing as Mapped.

  9. You can access shared data from the target storage account through Azure portal, Azure Storage Explorer, Azure Storage SDK, PowerShell or CLI. You can also analyze the shared data by connecting your storage account to Azure Synapse Analytics Spark or Databricks.

Clean up resources

To clean up the resources created for the quick start, follow the steps below:

  1. Within Microsoft Purview governance portal, delete the sent share.
  2. Also delete your received share.
  3. Once the shares are successfully deleted, delete the target container and folder Microsoft Purview created in your target storage account when you received shared data.

Troubleshoot

To troubleshoot issues with sharing data, refer to the troubleshooting section of the how to share data article. To troubleshoot issues with receiving share, refer to the troubleshooting section of the how to receive shared data article.

Next steps