articles/hdinsight/hdinsight-hadoop-use-data-lake-storage-gen2.md
4 additions & 4 deletions
@@ -6,7 +6,7 @@ author: hrasheed-msft
6
6
ms.service: hdinsight
7
7
ms.custom: hdinsightactive
8
8
ms.topic: howto
9
-
ms.date: 01/10/2019
9
+
ms.date: 02/19/2019
10
10
ms.author: hrasheed
11
11
12
12
---
@@ -25,7 +25,7 @@ Data Lake Storage Gen2 is available as a storage option for almost all Azure HDI
25
25
26
26
## Use the Azure portal
27
27
28
-
To create an HDInsight cluster that uses Data Lake Storage Gen2 for storage, follow these steps to create and configure a Data Lake Storage Gen2 account.
28
+
To create an HDInsight cluster that uses Data Lake Storage Gen2 for storage, follow these steps to configure a Data Lake Storage Gen2 account.
29
29
30
30
1. Create a user-assigned managed identity, if you don’t already have one. See [Create, list, delete or assign a role to a user-assigned managed identity using the Azure portal](../active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal.md#create-a-user-assigned-managed-identity).
31
31
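Review bot: The reworded lead-in on new line 28 now promises steps that only configure a Data Lake Storage Gen2 account, while the sentence still opens with "To create an HDInsight cluster" and the first step shown creates a user-assigned managed identity. If the numbered steps still include creating the storage account, keep "create and configure"; if the account is assumed to exist already, say so, for example "follow these steps to configure an existing Data Lake Storage Gen2 account", so the prerequisite is explicit.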
@@ -106,7 +106,7 @@ az group deployment create --name HDInsightADLSGen2Deployment \
106
106
107
107
### What kinds of permissions does Data Lake Storage Gen2 support?
108
108
109
-
Data Lake Storage Gen2 uses an access control model that supports both role-based access control (RBAC) and POSIX-like access control lists (ACLs). Data Lake Storage Gen1 supported access control lists only for controlling access to data.
109
+
Data Lake Storage Gen2 uses an access control model that supports both role-based access control (RBAC) and POSIX-like access control lists (ACLs). Data Lake Storage Gen1 supports access control lists only for controlling access to data.
110
110
111
111
RBAC uses role assignments to effectively apply sets of permissions to users, groups, and service principals for Azure resources. Typically, those Azure resources are constrained to top-level resources (for example, Azure Storage accounts). For Azure Storage, and also Data Lake Storage Gen2, this mechanism has been extended to the file system resource.
112
112
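Review bot: On new line 109 the placement of "only" is ambiguous: "supports access control lists only for controlling access to data" can be read as ACLs being limited to data access, not as ACLs being the only mechanism Gen1 offers, which is the contrast with the Gen2 sentence before it. Suggest "Data Lake Storage Gen1 supports only access control lists for controlling access to data."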
@@ -116,7 +116,7 @@ For more information about file permissions with ACLs, see [Access control lists
116
116
117
117
### How do I control access to my data in Data Lake Storage Gen2?
118
118
119
-
Your HDInsight cluster's ability to access files in Data Lake Storage Gen2 is controlled through managed identities. A managed identity is an identity registered in Azure Active Directory (Azure AD) whose credentials are managed by Azure. With managed identities, you don't need to register service principals in Azure AD and maintain credentials such as certificates.
119
+
Your HDInsight cluster's ability to access files in Data Lake Storage Gen2 is controlled through managed identities. A managed identity is an identity registered in Azure Active Directory (Azure AD) whose credentials are managed by Azure. With managed identities, you don't need to register service principals in Azure AD or maintain credentials such as certificates.
120
120
121
121
Azure services have two types of managed identities: system-assigned and user-assigned. HDInsight uses user-assigned managed identities to access Data Lake Storage Gen2. A user-assigned managed identity is created as a standalone Azure resource. Through a create process, Azure creates an identity in the Azure AD tenant that's trusted by the subscription in use. After the identity is created, the identity can be assigned to one or more Azure service instances.
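Review bot: The "and" to "or" fix on new line 119 reads correctly after the negation, but the answer still stops at what managed identities spare you and, in the lines shown, never ties the identity back to the RBAC role assignments and ACLs described under the previous question. Since the heading asks how to control access, add a sentence or link stating that the managed identity's access to the storage account is granted through those mechanisms. As a smaller point, "After the identity is created, the identity can be assigned" on line 121 could use "it" for the second mention.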