
Privacera Documentation

Configure ADLS resource policies

ADLS supports access policies.

  • Account Name: A storage account name or * for all storage accounts.

  • Container Name: A container name or * for all containers.

  • Object Path: A specific object path or * for all object paths.

  • Allow Conditions:

    • Permissions:

      • Read: READ permission on the URL permits the user to perform HiveServer2 operations which use S3 as a data source for Hive tables.

      • Write: WRITE permission on the URL permits the user to perform HiveServer2 operations which write data to the specified S3 location.

      • Delete: DELETE permission allows you to delete the resource.

      • Metadata Read: METADATA READ permission allows you to run the HEAD operation on objects. This permission also lists buckets, lists objects, and retrieves object metadata.

      • Metadata Write: METADATA WRITE permission allows you to modify an object's metadata and the object's ACL, tagging, CORS, etc.

      • Admin: Administrators can edit or delete the policy, and can also create child policies based on the original policy.

    • Delegate Admin: Select 'Delegate Admin' to assign administrator rights to the roles, groups, or users specified in the policy. The administrator can edit or delete the policy, and can also create child policies based on the original policy.

    • For Select Group: either public or a specific group
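
The fields above combine into one grant, so a policy with * in every resource field and the public group in its allow condition reaches every object for every user. The following is an added example, not Privacera code: a small audit that flags such over-broad policies. The dictionary layout, key names and sample policies are assumptions constructed for illustration and are not Privacera's policy export format.

```python
# Added example: key names mirror the field labels on this page; the dict
# layout is an assumption, not Privacera's policy export format.
RISKY_PERMS = {"Write", "Delete", "Metadata Write", "Admin"}

def wildcard_fields(policy):
    """Return the resource fields set to '*' (matches everything)."""
    return [f for f in ("account_name", "container_name", "object_path")
            if policy.get(f, "").strip() == "*"]

def audit_policy(policy):
    """Return a list of findings for one policy; an empty list means none."""
    findings = []
    wild = wildcard_fields(policy)
    for cond in policy.get("allow_conditions", []):
        groups = {g.lower() for g in cond.get("groups", [])}
        risky = sorted(set(cond.get("permissions", [])) & RISKY_PERMS)
        if "public" in groups and risky:
            findings.append(f"public group granted {', '.join(risky)}")
        if len(wild) == 3 and risky:
            findings.append(f"all resource fields are '*' with {', '.join(risky)}")
        if cond.get("delegate_admin") and wild:
            findings.append(f"Delegate Admin over wildcard {', '.join(wild)}")
    return findings

# Constructed sample policies (not taken from any real deployment).
SAMPLE_POLICIES = [
    {"name": "analytics-read", "account_name": "examplestore",
     "container_name": "reports", "object_path": "finance/2024/report.csv",
     "allow_conditions": [{"groups": ["analysts"],
                           "permissions": ["Read", "Metadata Read"]}]},
    {"name": "catch-all", "account_name": "*", "container_name": "*",
     "object_path": "*",
     "allow_conditions": [{"groups": ["public"],
                           "permissions": ["Read", "Write", "Delete"],
                           "delegate_admin": True}]},
]

def audit_all(policies):
    """Map policy name -> findings, keeping only policies with findings."""
    report = {}
    for p in policies:
        found = audit_policy(p)
        if found:
            report[p["name"]] = found
    return report

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE_POLICIES).items():
        print(name, "->", "; ".join(found))
```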