How to set ACL to folder and all its children recursively?

Daniel Argüelles 1 Reputation point
2020-07-07T13:36:44.663+00:00

I'm using the following code to set an ACL on a folder and its children in an Azure Storage Account (StorageV2). We have more than 2 million files and this takes too long. I couldn't find any recursive parameter or a better approach. Is this the best option to give ACLs recursively to a folder? How can I grant access to a specific folder?

```powershell
$MaxReturn = 500
$Total = 0
$Token = $Null
do
{
    # Fetch the next page of up to $MaxReturn items below $filePath
    $items = Get-AzDataLakeGen2ChildItem -FileSystem $container -Path $filePath -Context $ctx -Recurse -MaxCount $MaxReturn -ContinuationToken $Token
    $Total += $items.Count
    if ($items.Length -le 0) { Break }
    # The last item of a page carries the continuation token for the next page
    $Token = $items[$items.Count - 1].ContinuationToken

    # One update request per item: directories get $acl_dir, files get $acl
    foreach ($path in $items) {
        if ($path.IsDirectory) {
            Update-AzDataLakeGen2Item -Context $ctx -FileSystem $container -Path $path.Path -Acl $acl_dir
        } else {
            Update-AzDataLakeGen2Item -Context $ctx -FileSystem $container -Path $path.Path -Acl $acl
        }
    }

    Echo "Current count: $Total"
}
While ($Token -ne $Null)
Echo "Total $Total items in Filesystem $container"
```

3 answers

  1. MartinJaffer-MSFT 26,051 Reputation points
    2020-07-09T20:30:14.897+00:00

    Hello @DanielArgelles-5927 and thank you for your question.
    If I understand you correctly, you are currently using the provided code to set the ACLs, but it is taking too long.

    Given that the bottleneck is on your process sending only one HTTP request at a time, and the Azure side can handle multiple requests simultaneously, one solution would be multi-threading on your end so you can send multiple requests in parallel.

    Refactor so you have one process gathering the list of files (currently handled by your do-loop). Multiple other processes then consume file paths from the list and return status codes.


  2. MartinJaffer-MSFT 26,051 Reputation points
    2020-07-27T22:40:20.073+00:00

    "How can I grant access to a specific folder?"

    To grant access to a directory:
    Grant execute permission on each directory on the path from root to the target directory. This includes the container and the target directory.

    To grant ability to see the contents of a target directory:
    Grant execute and read permissions for the target directory.

    To grant ability to create items in the target directory:
    Grant execute and write permissions for the target directory.
    If write permissions are not granted on the files, you will be able to create new files, but not edit existing ones.

    To grant the ability to read the files in the target directory:
    Grant execute permissions on the target directory. Also grant read permissions on all the desired items in the directory.

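The directory grants listed in the answer above, as an added PowerShell example that is not part of the original thread: it gives one principal execute on the container root and every ancestor directory, and read plus execute on the target directory only. The storage account, container, path and object ID are placeholders, and the helper name `Grant-DirectoryAcl` is hypothetical; the Az.Storage module and a signed-in account allowed to change ACLs are assumed.

```powershell
# Added example. Assumes Connect-AzAccount has been run with an identity that
# may change ACLs on this account; every value below is a placeholder.
$ctx        = New-AzStorageContext -StorageAccountName '<storage-account>' -UseConnectedAccount
$container  = '<container>'
$targetPath = 'raw/sales/2020'                          # constructed sample path
$principal  = '00000000-0000-0000-0000-000000000000'    # placeholder object ID

function Grant-DirectoryAcl {
    param(
        [string]$Path,          # empty string means the container root
        [string]$Permission     # for example '--x' or 'r-x'
    )
    # Address either the root directory or a sub-directory.
    $target = @{ Context = $ctx; FileSystem = $container }
    if ($Path) { $target.Path = $Path }

    # Read the current ACL and merge one entry into it. Passing only a fresh
    # entry to -Acl would replace the ACL and drop the entries already there.
    # An existing entry for the same principal is overwritten with $Permission.
    $current = (Get-AzDataLakeGen2Item @target).ACL
    $merged  = Set-AzDataLakeGen2ItemAclObject -AccessControlType user `
                   -EntityId $principal -Permission $Permission -InputObject $current
    Update-AzDataLakeGen2Item @target -Acl $merged | Out-Null

    $label = if ($Path) { $Path } else { '/' }
    Write-Output "Set user:${principal}:$Permission on $label"
}

# Execute only on the root and each ancestor: enough to traverse, not to list.
Grant-DirectoryAcl -Path '' -Permission '--x'
$segments = $targetPath.Trim('/').Split('/')
for ($i = 0; $i -lt $segments.Count - 1; $i++) {
    Grant-DirectoryAcl -Path ($segments[0..$i] -join '/') -Permission '--x'
}

# Read and execute on the target directory so its contents can be listed.
Grant-DirectoryAcl -Path $targetPath.Trim('/') -Permission 'r-x'
```

Files inside the target directory still need their own read entries, as the answer notes; this example changes directory ACLs only.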

  3. MartinJaffer-MSFT 26,051 Reputation points
    2020-07-29T17:42:02.38+00:00

    @DanielArgelles-5927

    I have some great news!

    There is a recommended recursive script for you to use. See https://github.com/jamesbak/recursive_acl

    I recommend you use this until a recursive option, like you were looking for, becomes available.