Folder level security in Azure Blob Storage

  • Question

  • Hi Team,

    Is there any way by which we can provide folder level access in Azure blob storage?

    My assumption is we can provide access only at container level and all the folders within that container are accessible to the user.

    Is there any way by which we can restrict the access within the container?

    Note: Folder level Security similar to ADLS

    Monday, September 16, 2019 3:17 AM

Answers

  • Key features of Data Lake Storage Gen2

    • Hadoop compatible access: Data Lake Storage Gen2 allows you to manage and access data just as you would with a Hadoop Distributed File System (HDFS). The new ABFS driver is available within all Apache Hadoop environments, including Azure HDInsight, Azure Databricks, and SQL Data Warehouse to access data stored in Data Lake Storage Gen2.
    • A superset of POSIX permissions: The security model for Data Lake Gen2 supports ACL and POSIX permissions along with some extra granularity specific to Data Lake Storage Gen2. Settings may be configured through Storage Explorer or through frameworks like Hive and Spark.
    • Cost effective: Data Lake Storage Gen2 offers low-cost storage capacity and transactions. As data transitions through its complete lifecycle, billing rates change keeping costs to a minimum via built-in features such as Azure Blob storage lifecycle.
    • Optimized driver: The ABFS driver is optimized specifically for big data analytics. The corresponding REST APIs are surfaced through the endpoint dfs.core.windows.net.


    ADLS Gen 2 is to utilize the file system capabilities for analytical workloads, at cost and scalability level associated with object storage.

    • Full PowerShell support for data management operations (i.e., for the data plane)
    • SDKs and misc. APIs (.NET SDK, Python, CLI, etc.)
    • Direct connectivity from Power BI or Azure Analysis Services (workaround: Power BI Dataflows)
    • Full support for logging, auditing, and file system metrics, including Azure Monitor support
    • Integration with Azure Data Lake Analytics (U-SQL)
    • Integration with Azure Data Catalog
    • Destination support from other Azure services such as Azure Stream Analytics, Azure Event Hubs Capture
    • Support from various partners and third parties
    • Many of the built-in Azure Storage features such as snapshots, soft delete, storage tiers (such as hot/cold/archive), lifecycle management, and immutable properties


    For more information on Azure Data Lake Storage Gen2: Click here

    Hope this helps! 

    Kindly let us know if the above helps or you need further assistance on this issue. 
    ------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members.


    Monday, September 16, 2019 9:09 AM
    Moderator
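The POSIX-style folder permissions mentioned in the answer above can be pictured with a small model. This is an added example, not code from the original thread or from any Azure SDK: it is a simplified evaluator that handles only the owning user, named users, the mask and "other" (no groups, default ACLs or RBAC), and the object IDs, paths and ACL strings are constructed sample data.

```python
# Simplified model of POSIX-style ACL checks on a hierarchical store.
# All object IDs, paths and ACL strings are constructed for illustration.

def parse_acl(acl):
    """Parse 'user::rwx,user:<oid>:r-x,mask::r-x,other::---' into a dict."""
    entries = {}
    for item in acl.split(","):
        scope, qualifier, perms = item.strip().split(":")
        entries[(scope, qualifier)] = perms
    return entries

def effective_perms(acl, owner, principal):
    """Return the rwx string that applies to `principal` on one object."""
    entries = parse_acl(acl)
    if principal == owner:
        return entries[("user", "")]           # owning user: mask not applied
    named = entries.get(("user", principal))
    if named is None:                          # groups omitted in this model
        return entries.get(("other", ""), "---")
    mask = entries.get(("mask", ""), "rwx")    # mask caps named-user entries
    return "".join(p if p == m else "-" for p, m in zip(named, mask))

def can_read(tree, path, principal):
    """Read needs 'x' on every ancestor directory and 'r' on the file."""
    parts = path.strip("/").split("/")
    ancestors = ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]
    for directory in ancestors:
        owner, acl = tree[directory]
        if "x" not in effective_perms(acl, owner, principal):
            return False                       # blocked at the folder level
    owner, acl = tree[path]
    return "r" in effective_perms(acl, owner, principal)

# Constructed sample hierarchy: path -> (owner, access ACL)
TREE = {
    "/": ("oid-admin",
          "user::rwx,user:oid-alice:--x,user:oid-bob:--x,mask::r-x,other::---"),
    "/finance": ("oid-admin",
                 "user::rwx,user:oid-alice:r-x,mask::r-x,other::---"),
    "/finance/q3.csv": ("oid-admin",
                        "user::rw-,user:oid-alice:r--,user:oid-bob:r--,"
                        "mask::r--,other::---"),
    "/hr": ("oid-admin", "user::rwx,user:oid-bob:r-x,mask::r-x,other::---"),
    "/hr/salaries.csv": ("oid-admin",
                         "user::rw-,user:oid-bob:r--,mask::r--,other::---"),
}

if __name__ == "__main__":
    for who in ("oid-alice", "oid-bob"):
        for path in ("/finance/q3.csv", "/hr/salaries.csv"):
            print(who, path, can_read(TREE, path, who))
```

In the sample data the file `/finance/q3.csv` grants `oid-bob` read, yet the check fails because the `/finance` directory gives that principal no execute permission, which is the folder-level restriction the question asks about.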

All replies

  • A shared access signature (SAS) can be used to restrict access to either an entire blob container or an individual blob. This is because a folder in blob storage is virtual and not a real folder.

    You may refer to the suggestion mentioned in this article

    Additional information: Authorizing access to Azure Storage

    Hope this helps! 

    Kindly let us know if the above helps or you need further assistance on this issue.

    Monday, September 16, 2019 7:04 AM
    Moderator
  • If you are looking for folder level security, you can look at using an Azure file share instead of Blob. However, you need to provision Azure AD DS in order to set up NTFS permissions on an Azure file share. Please refer to the link below.

    https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-enable

    Monday, September 16, 2019 7:23 AM
  • Hello Sumanth,

    Then can you tell me what the below feature is and what its use is?

    Monday, September 16, 2019 7:35 AM
  • Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Wednesday, September 18, 2019 8:23 AM
    Moderator