When to use user and system assigned managed identity and how is it different from service principal(app registrations)

Question

Hi Team,

Can you please clarify when to use user and system managed identity and how is it different from Service principal.

1) I clearly understand the concept but just would like to know why user managed identity is used in hdinsight cluster in accessing ADLS when we have the concept of service principal(app registration).

2) As you know, every user who has login access to the hdinsight cluster will be having full access to ADLS, so if i had to restrict access for users to hdfs data in ADLS, what is the best approach? --is it by Ranger ?

I'd be waiting for your reply.

Thanks-Rahul.!

+31-xxxxxxxxxxx

---

Rahul

Answer 1

Hi Team,

Could you please provide an answer for the above query.

Thanks in Advance!!! 

Regarsd,

Rahul Akkula 

+31-617854586

---

Rahul

Answer 2

@Rahul

Managed Identity is used in case where we do not want to expose the client secret to the application/code. Refer to https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview for more details.

For restricting access for users to hdfs data in ADLS Please post the question at our HDInsight forum at: https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=hdinsight

-----------------------------------------------------------------------------------------------------

Please "accept as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.

-----------------------------------------------------------------------------------------------------

We're migrating from MSDN to Microsoft Q&A as our new forums and Azure Active Directory has already made the move!  In future, you can ask and look for the discussion for Azure Active Directory related questions here:    https://docs.microsoft.com/answers/topics/azure-active-directory.html.