Azure-docs: Detail permissions of Databricks to Data Lake Store at Azure IAM level
Tutorial says in "In Add permissions, select a role that you want to assign to the service principal. For this tutorial, select Owner."
"role that you want to assign". Personally I want to assign the least priviledges, by security principle.
- Why would the Databriks resource even need access to the Datalake Store resource at Azure level? Can you detail that part?
- Without further information, of all the available roles, selecting Owner is the most controversial. This page doesn't explains the options and decision criterias. Personally, the most priviledged role I would assign is reader.
Of all the actions available to act on a Data Lake Store, which one requieres the Databriks?
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: d863ab39-0b6a-eb81-9dde-5eb25b46cc33
- Version Independent ID: 655abadf-5f9e-a65b-0109-c5166f956c4d
- Content: Tutorial: Perform ETL operations using Azure Databricks
- Content Source: articles/azure-databricks/databricks-extract-load-sql-data-warehouse.md
- Service: azure-databricks
- GitHub Login: @nitinme
- Microsoft Alias: nitinme
adumont
All 5 comments
@adumont Thanks for the feedback! I have assigned the issue to the content author to evaluate and update as appropriate.
vasivara-MSFT
on 10 May 2018
@adumont Thanks for your questions and interest in Azure Databricks. I am looking at this scenario now and my guess is that we might not need access from Azure Databricks to Data Lake Store at the resource level. We can confine the access just to the folder/file level where the data is stored.
Let me set up a working solution and I'll update the article accordingly.
nitinme
on 26 May 2018
@adumont I have updated the article with the new approach. Please check here - https://docs.microsoft.com/en-us/azure/azure-databricks/databricks-extract-load-sql-data-warehouse#associate-service-principal-with-azure-data-lake-store
To read data in a folder in Data Lake Store, we need Execute permissions at all the folders in the path leading up to the file, and Read permissions on the file itself.
nitinme
on 30 May 2018
@adumont - We'll proceed to close this issue.
@vasivara-MSFT - Please close this issue.
nitinme
on 30 May 2018
@adumont We will now proceed to close this thread. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.
vasivara-MSFT
on 30 May 2018
Related issues
clangnerakq
·
46Comments
danielstocker
·
70Comments
renattomachado
·
42Comments
jlorek
·
46Comments
starforce
·
61Comments