Get Inspire insights from former attendees in our AMA discussion thread on Inspire Buzz. ACEs and other community members are on call all week to answer!
The Product Idea boards have gotten an update to better integrate them within our Product team's idea cycle! However this update does have a few unique behaviors, if you have any questions about them check out our FAQ.
community Alteryx IO Alteryx.com
alteryx Community
Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Close
Free Trial

Alteryx Designer Desktop Ideas

Share your Designer Desktop product ideas - we're listening!
Submitting an Idea?

Be sure to review our Idea Submission Guidelines for more information!

Submission Guidelines

Azure Data Lake File Input/Output Fine Grained Access

Status: Accepting Votes Submitted by on ‎05-19-2022 08:03 AM
1 Comment (1 New)

The current Azure Data Lake tool appears to lack the ability to connect if fine grained access is enabled within ADLS using Access Control Lists (ACL)

It does work when Role Based Access Control (RBAC) is used by ACL provides more fine grained control to the enviroment

 

For example using any of the current auth types: End-User Basic, End-User (advanced) or Service-to-Service if the user has RBAC to ADLS the connector would work

In that scenario though the user would be granted to an entire container which isn't ideal

  • azureStorageAccount/Container/Directory
    • Example: azureStorageAccount/Bronze/selfService1 or azureStorageAccount/Bronze/selfService2
    • In RBAC the user is granted to the container level and everything below so you cannot set different permissions on selfService 1 or selfService2 which may have different use cases

The ideal authentication would be to the directory level to best control and enable self service data analytic teams to use Alteryx

  • In this access pattern the user would only be granted to the directory level (e.g. selfService1 or selfService2 from above)

The existing tool appears to be limited where if don't have access at the container level but only at the directory level then the tool cannot complete the authentication request.  This would require the input for the tool to be able to select a container (aka file system name) from the drop down that included the container+ the directory

  • Screenshot example A below shows how the file system name would need to be input
  • Screenshot example B below shows what happens if you have ACL access to ADLS at the directory level and not at the container level

 

Access control model for Azure Data Lake Storage Gen2 | Microsoft Docs

 

Example A

AStasi_2-1652972198944.png

 

Example B

AStasi_3-1652972437620.png

 

 

 

 

See more ideas labeled with:
0 Likes
1 Comment
AlteryxCommunityTeam
Alteryx Community Team
Alteryx Community Team
‎08-31-2022 05:38 PM
Status changed to: Accepting Votes
 
0 Likes
Labels