Update-AzDataLakeGen2AclRecursive
Update ACL recursively on the specified path.
Syntax
Update-AzDataLakeGen2AclRecursive
[-FileSystem] <String>
[[-Path] <String>]
[-ContinuationToken <String>]
-Acl <PSPathAccessControlEntry[]>
[-ContinueOnFailure]
[-BatchSize <Int32>]
[-MaxBatchCount <Int32>]
[-AsJob]
[-Context <IStorageContext>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Update-AzDataLakeGen2AclRecursive cmdlet updates ACL recursively on the specified path. The input ACL will merge the the original ACL: If ACL entry with same AccessControlType/EntityId/DefaultScope exist, update permission; else add a new ACL entry.
Examples
Example 1: Update ACL recursively on a root directiry of filesystem
$acl = New-AzDataLakeGen2ItemAclObject -AccessControlType user -Permission rwx
$acl = New-AzDataLakeGen2ItemAclObject -AccessControlType group -Permission rw- -InputObject $acl
$acl = New-AzDataLakeGen2ItemAclObject -AccessControlType other -Permission "rw-" -InputObject $acl
Update-AzDataLakeGen2AclRecursive -FileSystem "filesystem1" -Acl $acl -Context $ctx
FailedEntries :
TotalDirectoriesSuccessfulCount : 7
TotalFilesSuccessfulCount : 5
TotalFailureCount : 0
ContinuationToken :
This command first creates an ACL object with 3 acl entries, then updates ACL recursively on a root directory of a file system.
Example 2: Update ACL recursively on a directory, and resume from failure with ContinuationToken
$result = Update-AzDataLakeGen2AclRecursive -FileSystem "filesystem1" -Path "dir1" -Acl $acl -Context $ctx
$result
FailedEntries : {dir1/dir2/file4}
TotalDirectoriesSuccessfulCount : 500
TotalFilesSuccessfulCount : 2500
TotalFailureCount : 1
ContinuationToken : VBaHi5TfyO2ai1wYTRhIL2FjbGNibjA2c3RmATAxRDVEN0UzRENFQzZCRTAvYWRsc3Rlc3QyATAxRDY2M0ZCQTZBN0JGQTkvZGlyMC9kaXIxL2ZpbGUzFgAAAA==
$result.FailedEntries
Name IsDirectory ErrorMessage
---- ----------- ------------
dir0/dir2/file4 False This request is not authorized to perform this operation using this permission.
# user need fix the failed item , then can resume with ContinuationToken
$result = Update-AzDataLakeGen2AclRecursive -FileSystem "filesystem1" -Path "dir1" -Acl $acl -ContinuationToken $result.ContinuationToken -Context $ctx
$result
FailedEntries :
TotalDirectoriesSuccessfulCount : 100
TotalFilesSuccessfulCount : 1000
TotalFailureCount : 0
ContinuationToken :
This command first updateds ACL recursively to a directory and failed, then resume with ContinuationToken after user fix the failed file.
Example 3: Update ACL recursively chunk by chunk
$ContinueOnFailure = $true # Set it to $false if want to terminate the operation quickly on encountering failures
$token = $null
$TotalDirectoriesSuccess = 0
$TotalFilesSuccess = 0
$totalFailure = 0
$FailedEntries = New-Object System.Collections.Generic.List[System.Object]
do
{
if ($ContinueOnFailure)
{
$result = Update-AzDataLakeGen2AclRecursive -FileSystem "filesystem1" -Path "dir1" -Acl $acl -BatchSize 100 -MaxBatchCount 50 -ContinuationToken $token -Context $ctx -ContinueOnFailure
}
else
{
$result = Update-AzDataLakeGen2AclRecursive -FileSystem "filesystem1" -Path "dir1" -Acl $acl -BatchSize 100 -MaxBatchCount 50 -ContinuationToken $token -Context $ctx
}
# echo $result
$TotalFilesSuccess += $result.TotalFilesSuccessfulCount
$TotalDirectoriesSuccess += $result.TotalDirectoriesSuccessfulCount
$totalFailure += $result.TotalFailureCount
$FailedEntries += $result.FailedEntries
$token = $result.ContinuationToken
}while (($null -ne $token) -and (($ContinueOnFailure) -or ($result.TotalFailureCount -eq 0)))
echo ""
echo "[Result Summary]"
echo "TotalDirectoriesSuccessfulCount: `t$($TotalDirectoriesSuccess)"
echo "TotalFilesSuccessfulCount: `t`t`t$($TotalFilesSuccess)"
echo "TotalFailureCount: `t`t`t`t`t$($totalFailure)"
echo "ContinuationToken: `t`t`t`t`t$($token)"
echo "FailedEntries:"$($FailedEntries | ft)
This script will update ACL rescursively on directory chunk by chunk, with chunk size as BatchSize * MaxBatchCount. Chunk size is 5000 in this script.
Example 4: Update ACL recursively on a directory and ContinueOnFailure, then resume from failures one by one
$result = Update-AzDataLakeGen2AclRecursive -FileSystem "filesystem1" -Path "dir1" -Acl $acl -ContinueOnFailure -Context $ctx
$result
FailedEntries : {dir0/dir1/file1, dir0/dir2/file4}
TotalDirectoriesSuccessfulCount : 100
TotalFilesSuccessfulCount : 500
TotalFailureCount : 2
ContinuationToken : VBaHi5TfyO2ai1wYTRhIL2FjbGNibjA2c3RmATAxRDVEN0UzRENFQzZCRTAvYWRsc3Rlc3QyATAxRDY2M0ZCQTZBN0JGQTkvZGlyMC9kaXIxL2ZpbGUzFgAAAA==
$result.FailedEntries
Name IsDirectory ErrorMessage
---- ----------- ------------
dir0/dir1/file1 False This request is not authorized to perform this operation using this permission.
dir0/dir2/file4 False This request is not authorized to perform this operation using this permission.
# user need fix the failed item , then can resume with ContinuationToken
foreach ($path in $result.FailedEntries.Name)
{
# user code to fix failed entry in $path
#set ACL again
Set-AzDataLakeGen2AclRecursive -FileSystem "filesystem1" -Path $path -Acl $acl -Context $ctx
}
This command first updateds ACL recursively to a directory with ContinueOnFailure, and some items failed, then resume the failed items one by one.
Parameters
-Acl
The POSIX access control list to set recursively for the file or directory.
Type: | PSPathAccessControlEntry[] |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AsJob
Run cmdlet in the background
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-BatchSize
If data set size exceeds batch size then operation will be split into multiple requests so that progress can be tracked. Batch size should be between 1 and 2000. Default is 2000.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Context
Azure Storage Context Object
Type: | IStorageContext |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ContinuationToken
Continuation Token.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ContinueOnFailure
Set this parameter to ignore failures and continue proceeing with the operation on other sub-entities of the directory. Default the operation will terminate quickly on encountering failures.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-FileSystem
FileSystem name
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-MaxBatchCount
Maximum number of batches that single change Access Control operation can execute. If data set size exceeds MaxBatchCount multiply BatchSize, continuation token will be return.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Path
The path in the specified FileSystem that to change Acl recursively. Can be a file or directory. In the format 'directory/file.txt' or 'directory1/directory2/'. Skip set this parameter to change Acl recursively from root directory of the Filesystem.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |