[英]Add user rights to Data Lake Store Gen2 Folder with Azure CLI
We would like to set specific rights to an enterprise application in DataLake Gen2 using Azure CLI in our deployment Pipeline.我们想在我们的部署管道中使用 Azure CLI 为 DataLake Gen2 中的企业应用程序设置特定权限。 We use powersehell 7.0 and the az storage extension.
我们使用 powersehell 7.0 和 az storage 扩展。
I can set rights for users, groups and other via cli, but not for a specific user.我可以通过 cli 为用户、组和其他设置权限,但不能为特定用户设置权限。 This user must must have a contributor role (rw-)
此用户必须具有贡献者角色 (rw-)
I have tried to set the rights:我试图设置权限:
az extension add --name storage-preview
az storage blob directory access set -a "default:$user::rw-" -d $dirname -c $filesystemName --account-name $storageaccountname
But it trows the error:'error":{"code":"InvaldAccessControlList","message":"The access control list value is invalid'但它抛出错误:'error":{"code":"InvaldAccessControlList","message":"访问控制列表值无效'
When run运行时
az storage blob directory access show -d $dirname -c $filesystemName --account-name $storageaccountname
{
"acl": "user::rwx,group::r-x,other::---,default:user::rw-,default:group::r-x,default:other::---",
"group": "dummy000-0000-0000-00000000000",
"owner": "$superuser",
"permissions": "rwxr-x---+"
}
It looks like i can't set specific rights this way.看来我无法以这种方式设置特定权限。 I can't use the portal.
我无法使用门户。 Is there a CLI command which i can use.
是否有我可以使用的 CLI 命令。 The documentation is not very clear about this.
文档对此不是很清楚。
I read the linux documentation about ACL's and changed the command as follows:我阅读了有关 ACL 的 linux 文档并将命令更改如下:
#Get Object ID from the aplicationID:
$user = az ad sp show --id dummy000-0000-0000-00000000000 --query objectId
# set default rights to the application and strip the quotes from the objectid
$set = "default:user:"+$user.Replace("`"","")+":rw-"
#set the default rights (child items and new as well):
az storage blob directory access set -a $set -d $dirname -c $filesystemName --account-name $storageaccountname
#check rights:
az storage blob directory access show -d $dirname -c $filesystemName --account-name $storageaccountname
You could use an ad emailadress as a user as well.您也可以将广告电子邮件地址用作用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.