02-02-2022 11:00 AM
Hi,
Is it possible to restrict upload files to dfbs root (Since everyone has access) ? The idea is to force users to use an ADLS2 mnt with credential passthrough for security reasons.
Also, right now users use azure blob explorer to interact with ADLS2. Is it possible to use the native databricks upload feature to send data to the mnt instead of the DBFS root? This would be the ideal solution for us.
Thanks
03-18-2022 08:49 AM
Hello @E H
You can disable DBFS file browser in the workspace, if users directly upload from there. This will prevent uploads to DBFS.
https://docs.databricks.com/administration-guide/workspace/dbfs-browser.html
Please let us know if this solution works.
02-02-2022 12:00 PM
Enable workspace object access control will allow to set permissions on folders (so user can have no permission to root and only to mnt).
Regarding native upload feature I don't think there is much can be done about it. I think azure explorer with correctly specify access rights is better. Some non technical users can prefer some simple cloud storage like folder on OneDrive so then we can set trigger in Azure logic apps when file is created and then set to copy it to ADLS2.
02-02-2022 02:37 PM
Thanks for the quick answer Hubert.
We currently have workspace object access control enabled on our workspace. Although, we can use it to add ACL on workspaces ACL folders that store notebooks, we haven't seen anyway to secure DBFS root itself.
Are there any options available in the portal to add ACLs on dbfs folders or do we need to use something else such as the command line do to it?
Thanks
03-18-2022 08:49 AM
Hello @E H
You can disable DBFS file browser in the workspace, if users directly upload from there. This will prevent uploads to DBFS.
https://docs.databricks.com/administration-guide/workspace/dbfs-browser.html
Please let us know if this solution works.
07-11-2022 01:10 AM
Hi @E H, We haven't heard from you on the last response from @Arvind Ravish , and I was checking back to see if his suggestions helped you. Or else, If you have any solution, please share it with the community as it can be helpful to others.
Also, please don't forget to click on the"Select As Bes" button whenever the information provided helps resolve your question.
Excited to expand your horizons with us? Click here to Register and begin your journey to success!
Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!