Exam DP-201 topic 1 question 27 discussion

Actual exam question from Microsoft's DP-201
Question #: 27
Topic #: 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to store delimited text files in an Azure Data Lake Storage account that will be organized into department folders.
You need to configure data access so that users see only the files in their respective department folder.
Solution: From the storage account, you enable a hierarchical namespace, and you use RBAC.
Does this meet the goal?

  • A. Yes
  • B. No
Suggested Answer: B
Disable the hierarchical namespace, and use access control lists (ACLs) instead of RBAC.
Note: Azure Data Lake Storage implements an access control model that derives from HDFS, which in turn derives from the POSIX access control model.
Blob container ACLs do not support the hierarchical namespace, so it must be disabled.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-known-issues
https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-access-control

Comments

Yaswant
Highly Voted 4 years, 9 months ago
RBAC -> Container level. ACL -> Each file and directory in your account. *NO*
upvoted 30 times
...
Abhilvs
Highly Voted 4 years, 10 months ago
'No' is correct. When you set ACL, if RBAC is enabled on that container, it takes precedence over ACL. So, RBAC should be disabled when using ACL.
upvoted 9 times
...
sjain91
Most Recent 4 years ago
Answer: No. Azure RBAC: Storage accounts, containers. Cross resource Azure role assignments at subscription or resource group level.
upvoted 1 times
...
vaseva1
4 years, 1 month ago
Answer: No. Azure RBAC: Storage accounts, containers. Cross resource Azure role assignments at subscription or resource group level. ACL: Directory, file.
upvoted 1 times
...
Pavanm34
4 years, 4 months ago
Data Lake Gen2 with hierarchical namespace supports ACLs. Currently we cannot set it up from Storage Explorer and the portal. Support for setting access control lists (ACLs) recursively: The ability to apply ACL changes recursively from parent directory to child items is generally available. In the current release of this capability, you can apply ACL changes by using PowerShell, Azure CLI, and the .NET, Java, and Python SDK. Support is not yet available for the Azure portal, or Azure Storage Explorer.
upvoted 1 times
...
syu31svc
4 years, 5 months ago
Answer given is correct.
https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-namespace
https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control
upvoted 1 times
...
brcdbrcd
4 years, 5 months ago
Answer: No. The only correct case: ACL & HNS enabled. Azure RBAC and ACL both require the user (or application) to have an identity in Azure AD. Azure RBAC lets you grant "coarse-grain" access to storage account data, such as read or write access to all of the data in a storage account, while ACLs let you grant "fine-grained" access, such as write access to a specific directory or file.
https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control-model
upvoted 5 times
...
rmk4ever
4 years, 8 months ago
Ans: NO. General-purpose V2 --> Blob container ACL: not yet supported. You can set ACLs on the root folder of the container but not the container itself. Can't use ACL in data lake (can't use in HNS enabled storage account). Ref: https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-supported-blob-storage-features
upvoted 1 times
rmk4ever
4 years, 8 months ago
Sorry, please ignore the first one. For Gen2 - can use ACL with HNS ref: https://docs.microsoft.com/en-us/azure/storage/blobs/recursive-access-control-lists?tabs=azure-powershell
upvoted 1 times
...
...
Ash666
4 years, 9 months ago
No. We need ACL.
upvoted 1 times
...
freia
4 years, 10 months ago
HNS should not be disabled. "Access control via ACLs is enabled for a storage account as long as the Hierarchical Namespace (HNS) feature is turned ON." (https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control)
upvoted 4 times
...
Abhilvs
4 years, 10 months ago
ACLs are granular and only evaluated if permissions aren't granted with RBAC.
upvoted 1 times
...
azurearch
5 years ago
Answer should be yes. In RBAC, minimum level of scope to implement security is at container level. Folder level auth is not possible. It needs ACL for that. No reason to disable HNS (data lake) for that, we can use POSIX permissions provided by data lake to implement folder level permissions.
upvoted 4 times
runningman
4 years, 11 months ago
Isn't the solution saying that RBAC is wrong? If at folder level Auth, RBAC is not possible, then No is correct. Thoughts?
upvoted 3 times
drdean
4 years, 11 months ago
Yes that makes sense to me
upvoted 1 times
...
...
...
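The evaluation order several comments describe (RBAC role assignments first, ACLs only when RBAC does not already authorize the operation) can be modelled in a few lines to show why RBAC alone leaves every department folder visible. This is an added example, not part of the original discussion and not Microsoft's code; the `Lake` class, the principals `alice` and `bob`, and the folder names are constructed, and the model covers only listing a folder with named-user ACL entries.

```python
# Simplified model of ADLS Gen2 authorization for "list a folder".
# Assumptions: one data role, named-user ACL entries only (no groups or mask).
from dataclasses import dataclass, field

READER_ROLE = "Storage Blob Data Reader"  # built-in Azure data role
FOLDERS = ["/finance", "/hr"]             # constructed department folders


@dataclass
class Lake:
    rbac: dict = field(default_factory=dict)  # principal -> roles at container scope
    acls: dict = field(default_factory=dict)  # path -> {principal: "rwx" string}

    def _acl_allows(self, user, path, needed):
        perms = self.acls.get(path, {}).get(user, "---")
        return all(bit in perms for bit in needed)

    def can_list(self, user, folder):
        # 1. RBAC is checked first. A data role at container scope authorizes
        #    every path in the container, so ACLs are never consulted.
        if READER_ROLE in self.rbac.get(user, set()):
            return True
        # 2. Otherwise ACLs decide: --x on each parent, r-x on the folder.
        parts = folder.strip("/").split("/")
        parents = ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]
        return (all(self._acl_allows(user, p, "x") for p in parents)
                and self._acl_allows(user, folder, "rx"))


def visible(lake, users=("alice", "bob")):
    return {u: [f for f in FOLDERS if lake.can_list(u, f)] for u in users}


def rbac_only():
    # The proposed solution: HNS on, access granted through RBAC alone.
    return visible(Lake(rbac={"alice": {READER_ROLE}, "bob": {READER_ROLE}}))


def acl_per_folder():
    # No data role; each user gets traverse on root and r-x on one folder.
    return visible(Lake(acls={
        "/": {"alice": "--x", "bob": "--x"},
        "/finance": {"alice": "r-x"},
        "/hr": {"bob": "r-x"},
    }))


if __name__ == "__main__":
    print("RBAC only:", rbac_only())
    print("ACL per folder:", acl_per_folder())
```

In the model, a user who holds the data role and also has a restrictive ACL still sees every folder, which is the precedence behaviour the comments point out.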