There is an Azure Data Lake Storage Gen2 in your Azure Subscription.
There is a requirement to implement access control to the ADLS service.After some research, your team has come up with 3 conclusions.
You need to review these statements.
Statement 1: ADLS Gen2 supports Azure RBAC (role-based access control)
Statement 2: ADLS Gen2 supports Posix like access control lists (ACLs)
Statement 3: ACLs don't apply to SAS (Shared access signature ) users. Choose the right option.
Click on the arrows to vote for the correct answer
A. B. C. D. E.Correct Answer: B.
All three statements are correct.
ADLS Gen2 supports Azure RBAC and Posix like ACLs.
But in the case of SAS, it is not a valid option since ACLs are applied to the users in the same tenant.SAS is generally used by users in different tenants or for general/public access.
To know more, please refer to the docs below:
The correct answer is C. Statement 1 is correct, statement 2 and 3 are incorrect.
Explanation:
Azure Data Lake Storage Gen2 is a scalable and secure data lake solution for big data analytics. To secure the data stored in ADLS Gen2, access control must be implemented. Let's review each statement:
Statement 1: ADLS Gen2 supports Azure RBAC (role-based access control) This statement is correct. ADLS Gen2 supports Azure RBAC, which is a built-in authorization system that uses roles to manage access to Azure resources. Azure RBAC allows access management to be delegated to users, groups, or applications at a finer level of granularity. By assigning the appropriate role to users, groups, or applications, access to the data in ADLS Gen2 can be controlled.
Statement 2: ADLS Gen2 supports Posix like access control lists (ACLs) This statement is incorrect. ADLS Gen2 does not support Posix like access control lists (ACLs). Instead, it uses Access Control Lists (ACLs) based on the POSIX draft standard that is supported in Windows. These ACLs can be used to set permissions on files and directories.
Statement 3: ACLs don't apply to SAS (Shared access signature) users. This statement is incorrect. SAS (Shared Access Signature) is a secure way to provide delegated access to resources in ADLS Gen2. ACLs can be applied to SAS users just like any other user or group in Azure RBAC.
Therefore, the correct answer is C. Statement 1 is correct, statement 2 and 3 are incorrect.