0

Although I can grant access to different users in Azure Data Lake Gen 2 using PowerShell, I'd like to be able to grant access so that each user has access to their own separate folders within each Data Lake Gen 2 container, e.g. within Container 1, User A has access to Sub Folder A and User B has access to Sub Folder B. This is possible using the Storage Explorer UI, but I'm unable to do so using PowerShell commands.

4

1 Answer

1

You could use the script below to give permission to the user.

In my sample, I have a container test, there are two folders, folder1 and folder2. I give the rwx permission to the user in folder1.

```powershell
$storageAccount = Get-AzStorageAccount -ResourceGroupName "xxxxx" -AccountName "joygen"
$ctx = $storageAccount.Context

$filesystemName = "test"
$dirname = "folder1/"
$objectid = "<object-id of the user in Azure AD>"
# Build an ACL entry that grants rwx to the user
$acl = New-AzDataLakeGen2ItemAclObject -AccessControlType user -EntityId $objectid -Permission rwx
# Apply the ACL to folder1 in the container
Update-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName -Path $dirname -Acl $acl
```

After giving the permission, we can check with:

```powershell
$dir = Get-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName -Path $dirname
$dir.ACL
```


For another user, just use the script to give permission on folder2.

Update:

Yes, you can. Just use the script below; $objectid1 and $objectid2 are two users, and $objectid3 is an Azure AD security group. In the command, notice the usage of -AccessControlType and -InputObject.

```powershell
$storageAccount = Get-AzStorageAccount -ResourceGroupName "xxxx" -AccountName "joygen"
$ctx = $storageAccount.Context

$filesystemName = "test"
$dirname = "folder1/"
$objectid1 = "<object-id of the user1 in Azure AD>"
$objectid2 = "<object-id of the user2 in Azure AD>"
$objectid3 = "<object-id of the group in Azure AD>"
# First entry starts the ACL; -InputObject adds each later entry to the ACL built so far
$acl = New-AzDataLakeGen2ItemAclObject -AccessControlType user -EntityId $objectid1 -Permission rwx
$acl = New-AzDataLakeGen2ItemAclObject -AccessControlType user -EntityId $objectid2 -Permission rwx -InputObject $acl
# -AccessControlType group is used for the Azure AD security group
$acl = New-AzDataLakeGen2ItemAclObject -AccessControlType group -EntityId $objectid3 -Permission rwx -InputObject $acl
# Apply the combined ACL to folder1
Update-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName -Path $dirname -Acl $acl
```


Answered 2020-01-15T03:49:05.300
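The per-user folder layout from the question, as an added example that is not part of the original answer: each user gets execute-only on the container root (needed to traverse into a subfolder), plus access and default `rwx` entries on their own folder, merged into the ACL already on the item. The resource group, account, container and folder-to-user mapping are placeholders and constructed values; folders nested deeper would need the same `--x` entry on every intermediate directory.

```powershell
# Added example; all names and object IDs are placeholders, not values from the post.
$storageAccount = Get-AzStorageAccount -ResourceGroupName "<resource-group>" -AccountName "<storage-account>"
$ctx = $storageAccount.Context
$filesystemName = "<container>"

# Constructed mapping: folder path -> Azure AD object ID of the user who owns it
$folderOwners = @{
    "folder1/" = "<object-id of user A>"
    "folder2/" = "<object-id of user B>"
}

foreach ($dirname in $folderOwners.Keys) {
    $objectid = $folderOwners[$dirname]

    # 1. Container root: execute only, so the user can traverse to the folder
    #    without being able to list or read the root. Omitting -Path targets the root.
    #    Starting from the current ACL keeps the entries that are already there.
    $rootAcl = (Get-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName).ACL
    $rootAcl = New-AzDataLakeGen2ItemAclObject -AccessControlType user -EntityId $objectid -Permission "--x" -InputObject $rootAcl
    Update-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName -Acl $rootAcl | Out-Null

    # 2. The user's own folder: merge into the existing ACL instead of replacing it
    $acl = (Get-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName -Path $dirname).ACL

    # Access entry: governs the folder itself
    $acl = New-AzDataLakeGen2ItemAclObject -AccessControlType user -EntityId $objectid -Permission rwx -InputObject $acl

    # Default entry: copied to files and folders created under it from now on
    $acl = New-AzDataLakeGen2ItemAclObject -AccessControlType user -EntityId $objectid -Permission rwx -DefaultScope -InputObject $acl

    Update-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName -Path $dirname -Acl $acl | Out-Null

    # 3. Review the result: the user should appear twice (access and default scope),
    #    and no entry for the other folder's owner should be present.
    "ACL on $dirname"
    (Get-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName -Path $dirname).ACL
}
```

Default entries only affect items created after they are set; children that already exist keep their current ACLs. A named user's effective permission is also limited by the item's mask entry, so check the mask if access is still denied.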