In azure blob storage, I can create a Sas key with read permissions for a specific file, or a container, but can't do this for a directory.
Is there a way in Azure Data Lake Storage Gen2 to create a Sas key that will allow access to a directory and all the files in it? If there is a way, how can I do this?
As far as I know, we cannot create a SAS key for a directory in Azure Data Lake Storage Gen2, but you can set file and directory level permissions by using access control lists.
.net as an example, this example gets and sets the ACL of a directory named my-directory. The string user::rwx,group::r-x,other::rw- gives the owning user read, write, and execute permissions, gives the owning group only read and execute permissions, and gives all others read and write permission.
public async Task ManageDirectoryACLs(DataLakeFileSystemClient fileSystemClient)
{
DataLakeDirectoryClient directoryClient =
fileSystemClient.GetDirectoryClient("my-directory");
PathAccessControl directoryAccessControl =
await directoryClient.GetAccessControlAsync();
foreach (var item in directoryAccessControl.AccessControlList)
{
Console.WriteLine(item.ToString());
}
IList<PathAccessControlItem> accessControlList
= PathAccessControlExtensions.ParseAccessControlList
("user::rwx,group::r-x,other::rw-");
directoryClient.SetAccessControlList(accessControlList);
}
For specific practices and instructions, you can refer to this official document.
