堆栈内存溢出
  简体   繁体   English

为什么有些用户可以在 Synapse 工作区中看到链接的 Azure Data Lake Gen 2 资源而其他用户看不到?

[英]Why can some users see in a Synapse Workspace see a Linked Azure Data Lake Gen 2 resource and others can't?

 原文  2021-07-26 18:07:17       azure/ azure-active-directory/ azure-data-lake-gen2/ synapse/ azure-rbac

问题描述

Recently, I created a second Linked Azure Data Lake Storage Gen2 within the Synapse Workspace using the Workspace's Managed Identity and adding it (together with the people that need to analyze it) as a Storage Blob Data Reader.最近,我使用工作区的托管标识在 Synapse 工作区中创建了第二个 Linked Azure Data Lake Storage Gen2 ,并将其(与需要分析它的人员一起)添加为存储 Blob 数据读取器。

I do not have access to the actual resource, but I am able to see the new Linked Azure Data Lake Storage Gen2 resource in the Workspace after linking it.我无权访问实际资源,但我可以在链接后在工作区中看到新的 Linked Azure Data Lake Storage Gen2 资源。 However 2 users that also have Synapse Administrator rights within the Workspace (and have read rights on the actual resource) cannot even see the newly Linked Data Lake in the Workspace.但是,在工作区中也具有 Synapse 管理员权限(并且对实际资源具有读取权限)的 2 个用户甚至无法在工作区中看到新的链接数据湖。 They both have Reader rights on the Workspace resource itself.他们都拥有 Workspace 资源本身的 Reader 权限。 I have Contributor rights on the Workspace and can see the Linked Data Lake even after removing myself from the firewall whitelist.我在工作区上拥有贡献者权限,即使将自己从防火墙白名单中删除,也可以看到链接数据湖。

Any ideas what could cause this behavior?任何想法可能导致这种行为?

1 个解决方案

解决方案1
 0  2021-07-27 10:12:23

Grant Synapse administrators or users the Azure Contributor role on the workspace.授予 Synapse 管理员或用户工作区上的 Azure 参与者角色。

If the workspace creator isn't the owner of the ADLS Gen2 storage account, then Azure Synapse doesn't assign the Storage Blob Data Contributor role to the managed identity.如果工作区创建者不是 ADLS Gen2 存储帐户的所有者,则 Azure Synapse 不会将存储 Blob 数据参与者角色分配给托管标识。

Verify that the Storage Blob Data Contributor role is assigned to the managed identity验证存储 Blob 数据参与者角色是否已分配给托管标识

在此处输入图片说明

Below Role assignments on the Workspace's storage account using IAM (in your case the for the second linked DLS)在使用 IAM 的工作区存储帐户上的角色分配下方(在您的情况下为第二个链接的 DLS)

在此处输入图片说明

Refer: Grant Synapse administrators the Azure Contributor role on the workspace请参阅: 授予 Synapse 管理员工作区上的 Azure 参与者角色

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在 Azure Synapse Analytics 中看不到 Launch Synapse Studio 或 Create Workspace 选项 - Can't see Launch Synapse Studio or Create Workspace options in Azure Synapse Analytics 不能对 Azure Data Lake Gen2 文件使用通配符 - Can't use wildcard with Azure Data Lake Gen2 files 获取列表中数据湖 gen2 文件夹的所有内容 azure 突触工作区 - get all the contents of data lake gen2 folder in a list azure synapse workspace Azure Databricks:无法连接到 Azure Data Lake Storage Gen2 - Azure Databricks: can't connect to Azure Data Lake Storage Gen2 你能有一个没有 HNS 的 Azure Data Lake gen2 吗? - Can you have an Azure Data Lake gen2 without HNS? 可以在 Azure Data Lake Gen 2 Rest API 中使用通配符吗? - Can be used wildcards in Azure Data Lake Gen 2 Rest API? 找不到 Data Lake Store Gen2 - Can't Find Data Lake Store Gen2 Azure Synapse 工作区的链接服务 - Azure Linked Service for a Synapse workspace AZ 突触链接的 Dataverse 表在 AZ 数据湖 Gen2 中消失 - AZ synapse linked Dataverse tables disappearing in AZ data lake Gen2 我们能否使用Azure CLI将文件上传到Azure Data Lake Storage Gen2 - Can we use Azure CLI to upload files to Azure Data Lake Storage Gen2
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM