0
votes

I am trying to run this PowerShell cmdlet:

Get-AzureRmDataLakeStoreChildItem -AccountName "xxxx" -Path "xxxxxx"

It fails with an access error. It does not really make sense because I have complete access to the ADLS account. I can browse in the Azure portal. It does not even work with an AzureRunAsConnection from an automation account. But it works perfectly for my colleague. What am I doing wrong?

Error:

Operation: LISTSTATUS failed with HttpStatus:Forbidden RemoteException: AccessControlException LISTSTATUS failed with error 0x83090aa2 (Forbidden. ACL verification failed. Either the resource does not exist or the user is not authorized to perform the requested operation.). [1f6e5d40-9be1-4682-84be-d538dfca0d19][2019-01-24T21:12:27.0252648-08:00] JavaClassName: org.apache.hadoop.security.AccessControlException. Last encountered exception thrown after 1 tries. [Forbidden ( AccessControlException LISTSTATUS failed with error 0x83090aa2 (Forbidden. ACL verification failed. Either the resource does not exist or the user is not authorized to perform the requested operation.).

I don't see any firewall restrictions: [screenshot]

1
Did you set the firewall? - Joy Wang-MSFT
@JoyWang I don't see any firewall restrictions. Updated my post with a screenshot. - faizal
Check the PowerShell module version, is it the same as your colleague's? - Joy Wang-MSFT
@JoyWang It's the same. - faizal

1 Answer

0
votes

I resolved the problem by providing read and execute access to all parent folders in the path. Since ADLS uses the POSIX standard, it does not inherit permissions from parent folders. So, even though the SPN (generated by the automation account) I was using had read/execute access to the specific folder I was interested in, it did not have access to other folders in that path.
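
Added example, not part of the answer above: a PowerShell check that walks every folder from `/` down to the target and reports where a principal's ACL entry falls short, which is the situation the answer describes. In ADLS Gen1, listing a folder needs read and execute on that folder and at least execute on every ancestor. The function names, object ID and sample ACLs are constructed; the `Scope`/`Type`/`Id`/`Permission` property names are assumed to match what `Get-AzureRmDataLakeStoreItemAclEntry` returns, and only named-user entries are evaluated (owner, group, mask and other entries are ignored).

```powershell
# Added example: locate the folder on an ADLS Gen1 path that blocks a principal.
# Listing a folder needs r-x on it and --x on every ancestor, "/" included.
function Get-AdlsPathChain {
    param([Parameter(Mandatory)][string]$Path)
    $chain = @('/'); $current = ''
    foreach ($part in ($Path.Trim('/') -split '/' | Where-Object { $_ })) {
        $current = "$current/$part"; $chain += $current
    }
    $chain
}

function Test-AdlsListAccess {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ObjectId,
        # Returns one folder's ACL entries (Scope, Type, Id, Permission: assumed shape)
        [Parameter(Mandatory)][scriptblock]$GetAcl
    )
    $chain = @(Get-AdlsPathChain -Path $Path)
    for ($i = 0; $i -lt $chain.Count; $i++) {
        $folder = $chain[$i]
        $needed = if ($i -eq $chain.Count - 1) { 'r-x' } else { '--x' }
        $ace = & $GetAcl $folder | Where-Object {
            "$($_.Scope)" -eq 'Access' -and "$($_.Type)" -eq 'User' -and $_.Id -eq $ObjectId
        } | Select-Object -First 1
        $found = if ($ace) { "$($ace.Permission)" } else { '---' }
        # A bit is missing when it is required but not granted at the same position.
        $missing = @(0..2 | Where-Object { $needed[$_] -ne '-' -and $found[$_] -ne $needed[$_] })
        [pscustomobject]@{ Folder = $folder; Needed = $needed; Found = $found; Ok = ($missing.Count -eq 0) }
    }
}

# Constructed sample: the SPN has r-x on the target folder but no entry on /raw.
$spn = '00000000-0000-0000-0000-000000000001'   # constructed object ID
function New-SampleAce($perm) {
    [pscustomobject]@{ Scope = 'Access'; Type = 'User'; Id = $spn; Permission = $perm }
}
$sampleAcls = @{
    '/'          = @(New-SampleAce '--x')
    '/raw'       = @()
    '/raw/sales' = @(New-SampleAce 'r-x')
}
Test-AdlsListAccess -Path '/raw/sales' -ObjectId $spn -GetAcl { param($f) $sampleAcls[$f] } |
    Format-Table -AutoSize

# Against a real account, pass the cmdlet instead of the sample table, e.g.
# -GetAcl { param($f) Get-AzureRmDataLakeStoreItemAclEntry -AccountName 'xxxx' -Path $f }
```

With the sample data the `/raw` row shows `Found` as `---` and `Ok` as `False`, while `/` and `/raw/sales` pass.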