Alteryx Designer Desktop Ideas

The current Azure Data Lake tool appears to lack the ability to connect if fine grained access is enabled within ADLS using Access Control Lists (ACL)

It does work when Role Based Access Control (RBAC) is used by ACL provides more fine grained control to the enviroment

For example using any of the current auth types: End-User Basic, End-User (advanced) or Service-to-Service if the user has RBAC to ADLS the connector would work

In that scenario though the user would be granted to an entire container which isn't ideal

• azureStorageAccount/Container/Directory
  • Example: azureStorageAccount/Bronze/selfService1 or azureStorageAccount/Bronze/selfService2
  • In RBAC the user is granted to the container level and everything below so you cannot set different permissions on selfService 1 or selfService2 which may have different use cases

The ideal authentication would be to the directory level to best control and enable self service data analytic teams to use Alteryx

• In this access pattern the user would only be granted to the directory level (e.g. selfService1 or selfService2 from above)

The existing tool appears to be limited where if don't have access at the container level but only at the directory level then the tool cannot complete the authentication request.  This would require the input for the tool to be able to select a container (aka file system name) from the drop down that included the container+ the directory

• Screenshot example A below shows how the file system name would need to be input
• Screenshot example B below shows what happens if you have ACL access to ADLS at the directory level and not at the container level

Access control model for Azure Data Lake Storage Gen2 | Microsoft Docs

Example A

Example B