Skip to content

Preview: File Explorer for Azure

This feature is a preview.

Contact Privacera Support to request enabling this feature.

With the File Explorer for Azure, you can browse Azure Data Lake Storage (ADLS) Gen2 storage accounts, containers, and unstructured blobs. You can upload and retrieve data to and from ADLS. With resource policies, you can control access by allowing or denying permissions for users, groups, or roles.

Prerequisites and Setup#

  • You need to know your ADLS Gen2 storage account name and ADLS Gen2 storage key. This information is needed for PrivaceraCloud to access your ADLS data.
  • For PrivaceraCloud resource policies, determine beforehand which users or groups need to be given access to your ADLS data and what type of access they need: read, read-write, read metadata, or write-metadata.

General Process#

The following is the general process for setting up File Explorer for Azure:

  • Make sure you have the prerequisites ready.
  • On PrivaceraCloud, define a datasource with the Azure application.
  • On PrivaceraCloud, in Access Manager, add a service for Azure.
  • On PrivaceraCloud, define a resource policy for your ADLS data and allow or deny users or groups to that policy.

Connect ADLS Gen2 application#

For more details, see ADLS Gen2.

Modify Resource Policy#

After the ADLS Gen 2 application is connected, modify the default policy to add an Allow Condition as follows: metadata read permission for the public group for bucket name * and object path *.

For more information on creating a policy, see Resource Policies.

File Explorer#

To view ADLS containers and files:

  1. Navigate to Data Inventory > File Explorer.

    Because the policy is enabled, Azure storage accounts are displayed on the File Explorer page.

  2. On the File Explorer page, you can do the following actions:

    Action Description
    Refresh Refreshes the display
    Search Search for a particular container
    Filter Hides or shows columns
    Create Folder Creates a folder
    Upload Uploads a file
    Delete Delete files or folders
    Calculate Calculates folder size
    Copy to Clipboard Copies the object path

Example of Allowing/Deny Access#

By managing the permissions in a resource policy, you can provide access control on the ADLS storage.

  1. Create a policy with Read and Write permissions.

  2. Upload a file by performing the following steps:

    1. Navigate to Data Inventory > File Explorer.

    2. Go to the ADLS storage account where you want to upload the file.

    3. Click Upload.

      Add File popup is displayed.

    4. Choose the file to upload and click Upload button.

      The file is uploaded with a success message and seen in the listing.

    5. Navigate to Access Manager > Audits to view the audit log for the upload action.

  3. Edit the policy and remove the Write permission.

  4. Upload a file by performing the following steps:

    1. Navigate to Data Inventory > File Explorer.

    2. Go to the S3 bucket where you want to upload the file.

    3. Click Upload, Add File popup is displayed.

    4. Choose the file to upload and click Upload button.

      "Access Denied" error message is displayed.

    5. Navigate to Access Manager > Audits to view the audit log for the denied upload action.


Last update: February 22, 2022