To homepage To homepage
Solved

Why does the app registration for the ODX need owner permissions?

  • 4 September 2023
  • 3 replies
  • 78 views
B
Rank

Why does the app registration for the ODX need owner permissions on the resource? I would think that read/write permissions would be sufficient.

 

Why does TimeXtender need the “extra” rights?

icon

Best answer by Christian Hauggaard 22 September 2023, 14:03

View original

3 replies

Thomas Lind
Rank
Userlevel 6
Badge +5

Hi @Benny 

It is due to Security rights.

In theory you could get away with having the Storage Blob Contributor right.

However using this option will give the following error when executing the Transfer task.

So therefore it will need the Storage Blob Owner or Owner right to apply those.

B
Rank

Thank you @Thomas Lind.

 

Could you please elaborate a bit on what it is trying to do that is denied without owner rights?

Specifically what is/are the action(s) that it wants to perform that it can't as contributor?

 

From a security perspective we want to answer the question(s): “Why do you need these rights? Which specific security settings is the ODX trying to apply on the data lake?”

Christian Hauggaard
Rank
Userlevel 6
Badge +5

Hi @Benny the parent directory must have Write + Execute permissions, and the owner role is required to create new files in blob storage as this role has execute permissions on the root folder, whereas the contributor role does not have execute permissions on the root folder.
 
For more information on security, please see: https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control

Reply


Terms and ConditionsCookie settings