Why does the app registration for the ODX need owner permissions on the resource? I would think that read/write permissions would be sufficient.
Why does TimeXtender need the “extra” rights?
Solved
Why does the app registration for the ODX need owner permissions?
Best answer by Christian Hauggaard
Hi
For more information on security, please see: https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control
+5Hi
It is due to Security rights.
In theory you could get away with having the Storage Blob Contributor right.
However using this option will give the following error when executing the Transfer task.
So therefore it will need the Storage Blob Owner or Owner right to apply those.
Thank you
Could you please elaborate a bit on what it is trying to do that is denied without owner rights?
Specifically what is/are the action(s) that it wants to perform that it can't as contributor?
From a security perspective we want to answer the question(s): “Why do you need these rights? Which specific security settings is the ODX trying to apply on the data lake?”
+5Hi
For more information on security, please see: https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control
Reply
Rich Text Editor, editor1
Editor toolbars
Press ALT 0 for help
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
