When to use user and system assigned managed identity and how is it different from service principal (app registrations)

  • Question

  • Hi Team,

    Can you please clarify when to use user and system managed identity and how it is different from a service principal?

    1) I clearly understand the concept but would just like to know why user managed identity is used in an HDInsight cluster for accessing ADLS when we have the concept of a service principal (app registration).

    2) As you know, every user who has login access to the HDInsight cluster will have full access to ADLS, so if I had to restrict access for users to HDFS data in ADLS, what is the best approach? Is it by Ranger?

    I'd be waiting for your reply.




    Thursday, February 27, 2020 10:35 AM

All replies

  • Hi Team,

    Could you please provide an answer for the above query?

    Thanks in advance!


    Rahul Akkula 



    Friday, February 28, 2020 9:40 AM
  • @Rahul

    Managed Identity is used in cases where we do not want to expose the client secret to the application/code. Refer to https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview for more details.

    For restricting access for users to HDFS data in ADLS, please post the question at our HDInsight forum at: https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=hdinsight



    Tuesday, March 3, 2020 2:13 PM
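
The difference the answer points to, shown as the token requests each identity type makes. This is an added example, not part of the original thread; the tenant ID, client IDs, secret and the `https://storage.azure.com/` resource are constructed placeholders, and the requests are only built, never sent.

```python
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request

RESOURCE = "https://storage.azure.com/"  # assumed target resource (Azure Storage / ADLS Gen2)
# Instance metadata endpoint, reachable only from inside the Azure resource itself.
IMDS = "http://169.254.169.254/metadata/identity/oauth2/token"
SECRET_FIELDS = ("client_secret", "client_assertion", "password")

def service_principal_request(tenant_id, client_id, client_secret):
    """App registration: the caller must hold a secret and present it to Azure AD."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # has to live in config, a vault, or code
        "scope": RESOURCE + ".default",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return Request(url, data=body, method="POST")

def managed_identity_request(client_id=None):
    """Managed identity: the platform vouches for the resource, no secret is sent.
    System-assigned: omit client_id (the identity is tied to the resource itself).
    User-assigned: pass client_id to select which attached identity to use."""
    params = {"api-version": "2018-02-01", "resource": RESOURCE}
    if client_id:
        params["client_id"] = client_id
    return Request(f"{IMDS}?{urlencode(params)}", headers={"Metadata": "true"}, method="GET")

def request_fields(req):
    """All parameters the caller supplies, from the query string and the form body."""
    fields = parse_qs(urlsplit(req.full_url).query)
    if req.data:
        fields.update(parse_qs(req.data.decode()))
    return fields

def secret_fields(req):
    """Names of secret-bearing parameters present in the request."""
    return sorted(k for k in request_fields(req) if k in SECRET_FIELDS)

if __name__ == "__main__":
    # Constructed placeholder values, not real identifiers.
    samples = {
        "service principal": service_principal_request("TENANT-ID", "APP-CLIENT-ID", "APP-SECRET"),
        "system-assigned MI": managed_identity_request(),
        "user-assigned MI": managed_identity_request("UAMI-CLIENT-ID"),
    }
    for name, req in samples.items():
        print(f"{name:20} {req.get_method():4} secrets={secret_fields(req)}")
```

Only the service principal request carries a credential the application has to store and rotate; both managed identity variants rely on the platform, and the user-assigned form differs only by naming which identity to use.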