使用参数化脚本授予对 Azure Data Lake Gen2 的访问权限
[英]Grant access to Azure Data Lake Gen2 using a parameterized script
问题描述
We are trying to grant read/write access to many folders in our Azure data Lake gen 2 containers and although we can do this through the UI, it's quite tedious and has to be repeated for all environments.
我们正在尝试授予对 Azure data Lake gen 2 容器中许多文件夹的读/写访问权限,尽管我们可以通过 UI 执行此操作,但它非常乏味,并且必须在所有环境中重复。 Has anyone used a better way using Powershell to automate or at least parameterize this process of granted access to Azure Data Lake gen 2 containers and avoid granting access manually?有没有人使用 Powershell 使用更好的方法来自动化或至少参数化授予对 Azure Data Lake gen 2 容器的访问权限的过程并避免手动授予访问权限?
Unfortunately I couldn't get this to work using the following link or other documentation as it's for Gen 1 but it's very similar to what I need to do for gen 2. https://www.sqlchick.com/entries/2018/3/17/assigning-data-permissions-for-azure-data-lake-store-part-3不幸的是,我无法使用以下链接或其他文档使其工作,因为它适用于第 1 代,但它与我需要为第 2 代所做的非常相似。https://www.sqlchick.com/entries/2018/3 /17/assigning-data-permissions-for-azure-data-lake-store-part-3
2 个解决方案
解决方案1
3 已采纳 2019-12-18 04:38:38
According to my test, we can use the PowerShell to manage Azure Data Lake Gen2 permissions.根据我的测试,我们可以使用PowerShell来管理Azure Data Lake Gen2权限。 For more details, please refer to the document更多详情请参考文档
- Install the required module安装需要的模块
install-Module PowerShellGet –Repository PSGallery –Force
install-Module Az.Storage -Repository PSGallery -RequiredVersion 1.9.1-preview –AllowPrerelease –AllowClobber –Force
Besides, please note that if you want to install the module, you need to meet some conditions
- .NET Framework is
4.7.2or greater installed4.7.2或更高版本- PowerShell is
5.1or higher5.1或更高版本
- Script脚本
Connect-AzAccount
$groupName=""
$accountName=""
$account= Get-AzStorageAccount -ResourceGroupName $groupName -Name $accountName
$ctx = $account.Context
$filesystemName = "test"
$dirname="template/"
$Id = "<the Object ID of user, group or service principal>"
$dir=Get-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName -Path $dirname
$acl = New-AzDataLakeGen2ItemAclObject -AccessControlType user -EntityId $id -Permission "rw-" -InputObject $dir.ACL
Update-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName -Path $dirname -Acl $acl
$dir=Get-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName -Path $dirname
$dir.ACL
解决方案2
0 2021-04-20 11:38:05
Thanks Jim Xu for providing the script above.感谢 Jim Xu 提供上述脚本。 I'm just complementing the code with the following items :我只是用以下项目补充代码:
- Get all folders from the container从容器中获取所有文件夹
- Assign ACL for all folders为所有文件夹分配 ACL
- Propagate ACL to all subfolders将 ACL 传播到所有子文件夹
$groupName="resource group name"
$accountName="storage account name"
$account= Get-AzStorageAccount -ResourceGroupName $groupName -Name $accountName
$ctx = $account.Context
$filesystemName = "container name"
$Id = (Get-AzADGroup -DisplayName '<type user / group name here>').Id
$items = Get-AzDataLakeGen2ChildItem -Context $ctx -FileSystem $filesystemName
foreach ( $item in $items) {
$dir = Get-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName -Path "$($item.Path)/"
$acl = New-AzDataLakeGen2ItemAclObject -AccessControlType group -EntityId $id -Permission "rwx" -InputObject $dir.ACL -DefaultScope
# Update ACL on blob item
Update-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName -Path "$($item.Path)/" -Acl $acl
# Propagate ACL to child blob items
Set-AzDataLakeGen2AclRecursive -Context $ctx -FileSystem $filesystemName -Path "$($item.Path)/" -Acl $acl
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.