Security Roles For Files On Azure Data Lake Store - Part One

In this article, you will learn about security roles for files on Azure Data Lake Store.

Introduction

This article will help you work with security roles for files on Azure Data Lake Store. We will add access permissions (Read, Write, and Execute) for users in the Azure Data Lake Store account, and then set user roles for different folders, files, and child files.

Note - Please go through my previous articles to learn about Azure Data Lake Store in detail.

  1. Click here for "Creating an Azure Data Lake Store account from Azure portal and adding files to it".

Security in Azure Data Lake Store can be configured in multiple ways, as follows.

  • We can start by creating Security Groups in Azure Active Directory; these groups are used to implement Role-based Access Control in Microsoft Azure.
  • Set Control Access for the Data Lake Store account from the Azure Management Portal.
  • Set Azure Active Directory (AAD) security groups as access control lists on the Data Lake Store File System.
  • Set an IP address range for the data to be accessed in the Azure Data Lake Store.

Let's start working on creating Security Groups in Azure Active Directory.

Requirements to work on this demo

  1. An Azure account - Click here to get a temporary Azure account free of cost.
  2. An Azure Data Lake Store account created on your Azure portal - Click here for creating an Azure Data Lake Store account on Azure portal, and adding files to it.

Now, follow the steps below.

Step 1

Go to Azure Portal.

Go to Azure Data Lake Store, select the account that you have created, and click on Data Explorer.



Click on Access in the Data Explorer.



This opens the Access Control for your Data Lake Store account.



Here you can see the permissions assigned to Owners: read, write, and execute operations. You can also add users and roles here in two ways, as follows.

  • Add a user or a group to the account and then assign a role, or
  • Add a role and then assign users/groups to the role.

Step 2

Add a user or a group to the account and then assign a role.

In the Access blade, click on Add.



Here, you have two options.

  • Select users or group
  • Select Permissions

Step 3

Click on "Select User or Groups" over here.



We can find the User or Group that we need by entering the email id or just the name, and then clicking on Select.

Step 4

You can click on “Select Permissions” and set permissions using different options.

  1. Read.
  2. Write.
  3. Execute.

You can also add permissions using two options.

  1. This Folder.
  2. This Folder and all children.

You can add permission using the following options.

  1. An access permission entry.
  2. A default permission entry.
  3. An access permission entry and a default permission entry.

Let's select the permissions as follows.

Check the following options.

Permissions

  • Read
  • Write
  • Execute

Add to

  • This folder

Add as

  • An access permission entry

After checking all the above options, click on OK.



Now, the access permission for the User “Abdul Rasheed Feroz Khan” has been successfully assigned for the Data Lake Store files on the respective Data Lake Store account. You can also remove the user on this access panel by removing the permissions for the Azure Data Lake Store account.
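How the "Add to" and "Add as" choices from Step 4 play out for existing and future children, as an added Python model that is not part of the original article and makes no Azure calls. It is a simplification that tracks only named-user entries and ignores the owner, owning group, other, mask and umask; the names Node, add_entry, create_child, can and demo and the sample user are constructed for illustration.

```python
from dataclasses import dataclass, field
@dataclass
class Node:
    name: str
    is_folder: bool = True
    access: dict = field(default_factory=dict)   # principal -> perms enforced on this item
    default: dict = field(default_factory=dict)  # folders only: template for new children
    children: dict = field(default_factory=dict)

def add_entry(node, principal, perms, add_as=("access",), recurse=False):
    """add_as holds 'access', 'default' or both; recurse means 'This folder and all children'."""
    if "access" in add_as:
        node.access[principal] = perms
    if "default" in add_as and node.is_folder:
        node.default[principal] = perms
    if recurse:
        for child in node.children.values():
            add_entry(child, principal, perms, add_as, recurse=True)

def create_child(parent, name, is_folder=False):
    """A new item copies the parent's default entries into its access ACL;
    a new folder also keeps them as its own default ACL."""
    child = Node(name, is_folder, access=dict(parent.default))
    if is_folder:
        child.default = dict(parent.default)
    parent.children[name] = child
    return child

def can(root, path, principal, perm):
    """perm on the target also needs Execute ('x') on every folder leading to it."""
    node = root
    for part in path:
        if "x" not in node.access.get(principal, ""):
            return False
        node = node.children.get(part)
        if node is None:
            return False
    return perm in node.access.get(principal, "")

def demo():
    user = "user@example.com"  # constructed sample principal
    root = Node("/")
    create_child(root, "old.csv")
    add_entry(root, user, "rwx")  # the article's choice: This folder + access entry
    old_file = can(root, ["old.csv"], user, "r")
    create_child(root, "new1.csv")
    new_after_access_only = can(root, ["new1.csv"], user, "r")
    add_entry(root, user, "rwx", add_as=("access", "default"))
    create_child(root, "new2.csv")
    return old_file, new_after_access_only, can(root, ["new2.csv"], user, "r")
```

With the selection made in this article (This folder, access permission entry), the user can list the folder but cannot read files already in it or files added later; only a default entry reaches new children, and only "This folder and all children" reaches existing ones.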