3
votes

I have Azure Data Lake Gen1 and I am using Powershell scripts to give the access permissions to the folders and the script works fine. With a change in the requirements, I have a few child folders created dynamically under the root folder in the Lake.

Is it possible to automatically propagate the permissions to the child folders created dynamically? I tried to use the below powershell script but unless the child folder already exists the Read,Execute permissions of the root doesn't propagate to the Child folders. In the portal I do see an option to apply the parent folder permissions to child folders.Under the Data Lake "Access -> Advanced -> Advanced Access -> Apply folder permissions to sub-folders" Option.

Powershell code: $df Is the Data Factory variable

Set-AzureRmDataLakeStoreItemAclEntry -Account "xxxx.azuredatalakestore.net" -Id $df.Identity.PrincipalId -Path "/" -Permissions ReadExecute -AceType User -Recurse -Concurrency 128

EDIT: Interestingly, if the root folder is created with the Write permissions and the child folders dynamically created they inherit the permissions from the parent. The Read doesn't work that way.

1

1 Answers

2
votes

Satya,

Default permissions on new files and directories in Azure Data Lake Gen1 works in following way. When a new file or directory is created under an existing directory, the default ACL on the parent directory determines:

1) A child directory’s default ACL and access ACL. 2) A child file's access ACL (files do not have a default ACL).

So indirectly you need to create a default permission set for a user and group of user's in the ADLS Access list.

and then when you will create a folder and sub folder, default permission set would be applied in the child directory.

For that you can do the following:

enter image description here

Add a default permission list in the Access control list, all the subfolder would follow the same access hierarchy.

For other example please follow- https://www.sqlchick.com/entries/2018/3/17/assigning-data-permissions-for-azure-data-lake-store-part-3