cancel
Showing results forย 
Search instead forย 
Did you mean:ย 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

Restricting file upload to DBFS

RicksDB
Contributor II

Hi,

Is it possible to restrict upload files to dfbs root (Since everyone has access) ? The idea is to force users to use an ADLS2 mnt with credential passthrough for security reasons.

Also, right now users use azure blob explorer to interact with ADLS2. Is it possible to use the native databricks upload feature to send data to the mnt instead of the DBFS root? This would be the ideal solution for us.

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

User16764241763
Honored Contributor

Hello @E Hโ€‹ 

You can disable DBFS file browser in the workspace, if users directly upload from there. This will prevent uploads to DBFS.

https://docs.databricks.com/administration-guide/workspace/dbfs-browser.html

image 

Please let us know if this solution works.

View solution in original post

3 REPLIES 3

Hubert-Dudek
Esteemed Contributor III

Enable workspace object access control will allow to set permissions on folders (so user can have no permission to root and only to mnt).

Regarding native upload feature I don't think there is much can be done about it. I think azure explorer with correctly specify access rights is better. Some non technical users can prefer some simple cloud storage like folder on OneDrive so then we can set trigger in Azure logic apps when file is created and then set to copy it to ADLS2.

RicksDB
Contributor II

Thanks for the quick answer Hubert.

We currently have workspace object access control enabled on our workspace. Although, we can use it to add ACL on workspaces ACL folders that store notebooks, we haven't seen anyway to secure DBFS root itself.

Are there any options available in the portal to add ACLs on dbfs folders or do we need to use something else such as the command line do to it?

Thanks

User16764241763
Honored Contributor

Hello @E Hโ€‹ 

You can disable DBFS file browser in the workspace, if users directly upload from there. This will prevent uploads to DBFS.

https://docs.databricks.com/administration-guide/workspace/dbfs-browser.html

image 

Please let us know if this solution works.

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group