堆栈内存溢出
  简体   繁体   English

Microsoft 权限数据访问策略不适用

[英]Microsoft purview data access policy not applying

 原文  2023-01-17 04:30:21       azure/ azure-purview

问题描述

I am working on this Tutorial from Microsoft Azure team to implement Access provisioning by data owner to Azure Storage datasets.我正在研究 Microsoft Azure 团队的本教程,以实现数据所有者对 Azure 存储数据集的访问配置。 As shown in the image below, the Data Owner Policy is supposed to allow Grady Archie a Read permission on Azure Data Lake Gen2 storage account called acct4dlsgen2 .如下图所示,数据所有者策略应该允许 Grady Archie 对名为acct4dlsgen2Azure Data Lake Gen2存储帐户具有Read权限。 But for some reasons, when Grady Archie logs into Azure portal in the same.network, he is unable to access acct4dlsgen2 storage.但由于某些原因,当 Grady Archie 在 same.network 中登录 Azure 门户时,他无法访问acct4dlsgen2存储。

Question : What I may be doing wrong, and how can we fix the issue?问题:我可能做错了什么,我们如何解决这个问题?

Remarks :备注:

  1. I have satisfied all the prerequisites of the same article mentioned above.我已满足上述同一篇文章的所有先决条件
  2. Have also given Grady Archie the Read permissions on the Purview Collection where this storage account is registered in Purview.还授予 Grady Archie 对该存储帐户在 Purview 中注册的Purview 集合Read权限。
  3. When I give Grady Archie a Read permission directly by going through that storage account via Azure portal, Grady Archie can access that storage after he logs-in.当我通过 Azure 门户访问该存储帐户直接授予 Grady Archie Read权限时,Grady Archie 可以在登录后访问该存储。 But this defeats the purpose of implementing Data Access using Purview as described here by Microsoft team.但这违背了 Microsoft 团队在此处描述的使用 Purview 实现数据访问的目的。

在此处输入图像描述

1 个解决方案

解决方案1
 0  2023-01-24 02:25:15

One of the pre-requisites you have done is to configure the subscription for Purview policies using a PowerShell script您完成的先决条件之一是使用PowerShell 脚本配置权限策略订阅

But this configuration is only applied to newly created storage accounts .但此配置仅适用于新创建的存储帐户 And maybe your storage account was already existing when you configured the subscription for purview policies当您为权限策略配置订阅时,您的存储帐户可能已经存在

if you create a new storage account inside your subscription, I believe your purview policies will work on this account.如果您在订阅中创建一个新的存储帐户,我相信您的权限策略将适用于该帐户。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Microsoft Purview 中的数据治理工作流 - Data Governance Workflow in Microsoft Purview Microsoft Purview - 如何删除 Business Glossary - Microsoft Purview - how to delete a Business Glossary 我们可以一起使用 Microsoft Purview 和 Unity Catalog 吗 - Can we use Microsoft Purview and Unity Catalog together Azure Purview 是否有数据沿袭 API? - Does Azure Purview have a data lineage API? AWS IAM 实例策略将凭证应用于一个区域中的实例,但不应用于另一个区域中的实例 - AWS IAM instance policy applying credentials to instance in one region, but not another Bucket Policy 允许写入访问,尽管策略中只有 getObject - Bucket Policy allows for write access despite only having getObject in policy AWS 政策拒绝访问所有生产资源 - AWS Policy deny access on all production resources 使用访问策略访问加密的 SNS 主题 - Accessing an Encrypted SNS Topic with Access policy 允许角色和策略访问 controller 操作 - Allow roles and policy to access controller action 修改检查器的访问策略 SNS - modify the Access policy SNS for inpector
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM