DP-203: 21 - Azure data lake security - Access Control Lists (ACL)

Hey data engineers! RBAC is a great way to grant access to Azure data lake, except when we would like to grant permissions at a more granular level than containers, e.g. for specific directories or files. Fortunately, there is one more method we can use to make that happen: access control lists (ACLs).

Join me in the 21st episode of my free DP-203 series where I talk about the following topics:
• What are ACLs?
• How do they work?
• How to set them up?
• How do they interact with RBAC?
• Finally, which method should we use based on two real-life use cases.

Enjoy!

▬▬▬▬▬▬ CHAPTERS ▬▬▬▬▬▬
00:00 Introduction
00:47 Azure Key Vault revisited
02:18 ACLs
12:01 Demo
19:39 ACLs propagation
24:43 ACL + RBAC
27:37 Two use cases
41:31 Summary
Comments

Thank you Tybul! Good ideas to learn to find out the best options in real cases!!
You are the best teacher!

HamzaBray

The whole time I was also thinking the same, why would I care so much about the security stuff 😀, and you answered it right at the end. You are the best instructor 🤠. Those 2 cases at the end were super useful to recap what we learnt. Thanks a lot!!

soumikmishra

Hi Tybul, thanks for this. The use case example was great for understanding which approach to use and when in a real-world kind of scenario.

KAshIfo

Great series to learn about Azure Security and the end use case gives fair idea about how to select best from available services !! Thanks Tybul!!

prabhuraghupathi

Great explanations as always. Thank you!😊

heljava

Wow such a good explanation. You have mastered it, which would have come with experience. I was a bit confused on the whole security part for dp203, watched your last 4 5 videos, now at least I can relate things. I am glad I found your videos which were uploaded just 1 day back.
If possible please make a summary of the last 4 videos. Keep making more content. 👍

AshishStudyDE

Amazing explanations!! Thank you so much!

Ef-syqp

Thank you Tybul! You are the best teacher!

onghuiling

great video once again, eagerly await the next one :)

michaelbyron

Great explanation! Thanks a lot for sharing (Y) !!

diegoalias

Hey Piotr,
Thank you for this session,
You talked about security for access to the data lake but you didn't talk about how to manage security stuff when we work with other storage services like SQL database. Is it the same? Or are you gonna talk about it in another session? Thanks

omarouaissi_sekouti

Hey Tybul, I wanted your opinion on one of the issues I am facing with writing a file to an ADLS folder.
Below are the steps:
I have a logic app which has its managed identity on.
I granted this managed identity the ACL permission as "-wx" which stands for write and execute. I even added the default permission.
When I try to write the file to storage using the logic app it gives me an error: Authorization Permission mismatch.

So what I did was add the Storage Blob Data Contributor role on the ADLS container and that worked, but my question is why didn't it work with ACL??

And if ACL can't support managed identity then what's the point of having these permissions? It's actually very frustrating. 😊
Looking forward to your answer.

subhashkumar

Great explanation - went through all your videos on Azure Data Lake Security. However, I am still unable to solve my use case. I am trying to grant Read access to a specific blob within a folder to a User. When the user clicks the blob URL in the browser - it simply says "Resource not found". Yes, I have anonymous access enabled on the storage account. If I don't, I get a "Public access not permitted" error. So how can I make sure only the user who has access/ACL permission can open the URL and others can't?

forsalemailid

Hi Piotr, why should we propagate permissions using Storage Account Explorer instead of using Access Permissions in ACL? Initially, we grant read permissions to already existing files in the specified container. Then, we establish Default Permissions to govern any new file or directory that may be ingested in the future.

Lukkorable

Thank you! These ACLs really look like UNIX filesystem permissions, has it been connected?

dmitryzvorikin

Nice video, thanks a lot! After the configuration of ACLs, how can I get the list of folders/files that a user can access?

jorgenamour

27:11 "You shall not pass!!!!" 🤣 Great episode. Btw. is security really that important to know for a Data Engineer? Aren't there teams that manage it or is it solely responsibility of the data engineer?

TheMapleSight

Hi there, thanks for the detailed ACL explanation. It helped to solve my blocker, as the IAM role doesn't solve folder level.

May I know what device/tools and software you are using to do the drawing in this session? IMO it's beautiful and helps the viewer a lot to understand when you visualize it, rather than just talk.
I'll get one, seems nice to use in online meetings.

bubyuguy

Thank you very much. Keep it up sir. Please, I want to ask you a question about Data Factory and Synapse Analytics. In a real-life scenario, which one is more robust in terms of cost and user-friendly to use, based on your experience? Both seem to perform the same function even though Synapse is unified.

fekasng

RBAC and ACLs can be used together to strike the right balance between granularity and ease of management. 🤝

LATAMDataEngineer