none
help with Azure Data Lake REST interface

    Question

  • I wrote a program that uses the ADLS REST interface to go through all of the folders and files in a data lake instance and modify their POSIX permissions to match our standard.

    I am extending the program to also modify the ADLS ACLs.

    When I query the current settings using GETACLSTATUS I get back a JSON string that is somewhat consistent with the documentation.

    I modified that JSON and sent it back using SETACL I get an error : "Invalid ACL: the user, group and other entries are required"

    I tried multiple other ACLSPEC formats like “entries” list only, individual user and group ACLs, etc and got that same error.

    How can I get the correct Acl Spec for the SETACL REST operation?

    Output from GETACLSTATUS:

       "AclStatus":{  
          "entries":[  
             "user:15b70438-f54b-4d7d-95aa-74afe8e1a09f:rwx",
             "user:6fca950f-3ac4-495e-b9cf-ae55af2f5b11:rwx",
             "user:dcb7b874-eeb0-44f6-8088-d1ff65a69807:rwx",
             "user:fadc0eee-f2af-4e1b-b0c7-f7d2059ef065:rwx",
             "group::rwx",
             "group:231db2e5-792c-4788-8abc-2187d7233ea8:r-x",
             "group:7c24b109-edf2-422e-b20e-df8095043b93:rwx",
             "group:ec768852-cc88-40f2-91a8-3e57b5ee4a79:r-x",
             "default:user::rwx",
             "default:user:15b70438-f54b-4d7d-95aa-74afe8e1a09f:rwx",
             "default:user:6fca950f-3ac4-495e-b9cf-ae55af2f5b11:rwx",
             "default:user:dcb7b874-eeb0-44f6-8088-d1ff65a69807:rwx",
             "default:user:fadc0eee-f2af-4e1b-b0c7-f7d2059ef065:rwx",
             "default:group::rwx",
             "default:group:231db2e5-792c-4788-8abc-2187d7233ea8:r-x",
             "default:group:7c24b109-edf2-422e-b20e-df8095043b93:rwx",
             "default:mask::rwx",
             "default:other::---"
          ],
          "owner":"6fca950f-3ac4-495e-b9cf-ae55af2f5b11",
          "group":"7c24b109-edf2-422e-b20e-df8095043b93",
          "permission":"777",
          "stickyBit":false
       }
    }

    Thanks

    Tuesday, April 9, 2019 2:21 PM

Answers

All replies

  • found the answer:
    The acl_spec must include entries for user, group, and others for compatibility with permission bits.
    Example "user::rw-,user:hadoop:rw-,group::r--,other::r--" 
    Friday, April 12, 2019 6:28 PM
  • Hi Steve,

    Glad to know that your issue has resolved. And thanks for sharing the solution, which might be beneficial to other community members reading this thread. 

    Monday, April 15, 2019 6:07 AM
    Moderator