- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-02-2022 11:00 AM
Hi,
Is it possible to restrict upload files to dfbs root (Since everyone has access) ? The idea is to force users to use an ADLS2 mnt with credential passthrough for security reasons.
Also, right now users use azure blob explorer to interact with ADLS2. Is it possible to use the native databricks upload feature to send data to the mnt instead of the DBFS root? This would be the ideal solution for us.
Thanks
- Labels:
-
Azure databricks
-
DBFS
-
File upload
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2022 08:49 AM
Hello @E H
You can disable DBFS file browser in the workspace, if users directly upload from there. This will prevent uploads to DBFS.
https://docs.databricks.com/administration-guide/workspace/dbfs-browser.html
Please let us know if this solution works.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-02-2022 12:00 PM
Enable workspace object access control will allow to set permissions on folders (so user can have no permission to root and only to mnt).
Regarding native upload feature I don't think there is much can be done about it. I think azure explorer with correctly specify access rights is better. Some non technical users can prefer some simple cloud storage like folder on OneDrive so then we can set trigger in Azure logic apps when file is created and then set to copy it to ADLS2.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-02-2022 02:37 PM
Thanks for the quick answer Hubert.
We currently have workspace object access control enabled on our workspace. Although, we can use it to add ACL on workspaces ACL folders that store notebooks, we haven't seen anyway to secure DBFS root itself.
Are there any options available in the portal to add ACLs on dbfs folders or do we need to use something else such as the command line do to it?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2022 08:49 AM
Hello @E H
You can disable DBFS file browser in the workspace, if users directly upload from there. This will prevent uploads to DBFS.
https://docs.databricks.com/administration-guide/workspace/dbfs-browser.html
Please let us know if this solution works.
![](/skins/images/97567C72181EBE789E1F0FD869E4C89B/responsive_peak/images/icon_anonymous_message.png)
![](/skins/images/97567C72181EBE789E1F0FD869E4C89B/responsive_peak/images/icon_anonymous_message.png)