none
Column Level Privileges for Azure Data Lake Store

    Question

  • Hi,

    Is there any way to grant privileges to individual columns in Azure Data Lake store? How can we secure PII data in Data Lake store. Please suggest.

    Thanks,

    Soumitra.

    PS: I am looking for similar feature like Sentry in Azure 

    Tuesday, May 23, 2017 3:28 AM

Answers

  • As pointed out by YaGupta, the Azure Data Lake Store service only knows about files and folders and the authorization in the store is ACLs at the file and folder level only.

    The Azure Data Lake Analytics service features structured data concepts - specifically U-SQL Databases that contain things such as Tables, Views, and Table-Valued Functions (TVFS) that define data at column level.

    Currently in Data Lake Analytics, data can be secured only at the entire database level. Later this year Data Lake Analytics will be able to set security in a more fine-grained way on objects within a U-SQL database such as Tables, Views, TVFs.

    Data Lake Analytics does not currently have the ability to control access to specific columns of Tables, Views, and TVFs. This is something we are considering for the future but we don't currently have a timeline for this.

    Tuesday, May 23, 2017 6:13 AM
    Moderator

All replies

  • Soumitra,

    In Azure Data Lake store, we have ACLs for each file and folder, you can read more about it here : https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-access-control

    In order provide feedback on Column level ACLs, can you please share what Analytics tools you are using ? Azure Data Lake Analytics, HDInsight ?

    Thanks\Y

    Tuesday, May 23, 2017 5:57 AM
  • As pointed out by YaGupta, the Azure Data Lake Store service only knows about files and folders and the authorization in the store is ACLs at the file and folder level only.

    The Azure Data Lake Analytics service features structured data concepts - specifically U-SQL Databases that contain things such as Tables, Views, and Table-Valued Functions (TVFS) that define data at column level.

    Currently in Data Lake Analytics, data can be secured only at the entire database level. Later this year Data Lake Analytics will be able to set security in a more fine-grained way on objects within a U-SQL database such as Tables, Views, TVFs.

    Data Lake Analytics does not currently have the ability to control access to specific columns of Tables, Views, and TVFs. This is something we are considering for the future but we don't currently have a timeline for this.

    Tuesday, May 23, 2017 6:13 AM
    Moderator
  • Hi,

    We are using HDInsight.

    Thanks,

    Soumitra.

    Wednesday, May 24, 2017 5:56 AM