Ad integration pass through for HDInsight

Hari GS 21

HI,

I know HDInsight with ESP feature enables AD integration while connecting to cluster. Also teh access to underlying Hive tables can be controlled using Apache Ranger. But i would like to know if the access permission on storage account or datalake account can be passed through cluster.
For ex: if a used is read parquet files using spark.read.option(format,'parquet').load('<datalek gen1 path'), can the cluster use users identity while accessing the datalake. This way if a user has access to some folders in datalake , he should be able to access only those folders.

HimanshuSinha-msft 19,376 Reputation points Microsoft Employee

2020-07-30T19:12:35.523+00:00

Hello ,
Just wanted to follow up and check if the below suggestion helped you resolve the issue . Also if case if you have a better work around or resolution please do share that with the community as it will help other community members .

Thanks & stay safe

Himanshu
HimanshuSinha-msft 19,376 Reputation points Microsoft Employee

2020-08-17T22:01:24.007+00:00

Hello ,
Just wanted to follow up again & check if the below suggestion helped you resolve the issue . Also if case if you have a better work around or resolution please do share that with the community as it will help other community members .

Thanks & stay safe

Himanshu

1 answer

HimanshuSinha-msft 19,376 Reputation points Microsoft Employee

2020-07-22T20:08:47.737+00:00

Hello HariGs,

Thanks for the question .

The authentication part is taken care by kerberos, so the domain users will be able to access the files/folders in storage account.

Thanks & stay safe

Himanshu

Please do consider to click on "Accept Answer" and "Up-vote" on the post that helps you, as it can be beneficial to other community members
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Share via

Ad integration pass through for HDInsight

1 answer