Azure AD and ADLS Gen2 Access for Databricks Spark Jobs: Provisioning Guide

Provisioning Azure AD Applications and Service Principal for Data Access in Databricks Spark Jobs

Question

Rob is provisioning an Azure AD application and service principal to directly access data in an ADLS Gen2 account so that it can be processed in Databricks Spark jobs.

Which four of the following tasks is he required to perform, in sequence? Here is the task list:

1) Assign roles to the application to provide the service principal with the required permissions to access the ADLS Gen2 account.

2) Create an Azure Key Vault-backed secret scope that will store the client secret associated with the Azure AD app.

3) Create an Azure AD app that will create an associated service principal required to access the storage account.

4) Save the client secret associated with the Azure AD app in the Azure Key Vault.

5) Authenticate and access the ADLS Gen2 through a mount point.

6) Use Databricks CLI to access the ADLS Gen2 storage account.

Select the correct sequence to accomplish the above-mentioned objective:

Answers

Explanations


A. B. C. D.

Correct Answer: D

Option D is correct.

The process of creating an Azure AD application and service principal, and of using that service principal to mount or directly access data in an ADLS Gen2 storage account, consists of the following consecutive steps:

Create an Azure AD app that will create an associated service principal required to access the storage account.

Create an Azure Key Vault-backed secret scope that will store the client secret associated with the Azure AD app.

Save the client secret associated with the Azure AD app in the Azure Key Vault.

Assign roles to the application to provide the service principal with the required permissions to access the ADLS Gen2 account.


The correct sequence for provisioning an Azure AD application and service principal to directly access data in an ADLS Gen2 account, so that it can be processed in Databricks Spark jobs, is as follows:

  1. Create an Azure AD app that will create an associated service principal required to access the storage account. This step involves creating an Azure AD app and associating it with a service principal that will be used to access the ADLS Gen2 storage account. The service principal is an identity that can be used to authenticate and access the storage account.

  2. Create an Azure Key Vault-backed secret scope that will store the client secret associated with the Azure AD app. This step involves creating a secret scope in Azure Databricks that will be used to securely store the client secret associated with the Azure AD app. The secret scope will be backed by an Azure Key Vault that will store the secret securely.

  3. Save the client secret associated with the Azure AD app in the Azure Key Vault. This step involves saving the client secret associated with the Azure AD app in the Azure Key Vault-backed secret scope that was created in step 2. This will ensure that the client secret is securely stored and can be accessed by the Databricks Spark jobs.

  4. Assign roles to the application to provide the service principal with the required permissions to access the ADLS Gen2 account. This step involves assigning the necessary roles to the Azure AD app and service principal to provide them with the required permissions to access the ADLS Gen2 account. The roles will define the level of access that the service principal has to the storage account.

  5. Authenticate and access the ADLS Gen2 through a mount point. This step involves authenticating and accessing the ADLS Gen2 storage account through a mount point in Azure Databricks. The mount point provides a convenient way to access the storage account without having to manually specify the storage account credentials in the Databricks Spark jobs.

  6. Use Databricks CLI to access the ADLS Gen2 storage account. This step involves using the Databricks CLI to access the ADLS Gen2 storage account. The CLI provides a command-line interface that can be used to interact with the storage account and perform various operations such as uploading and downloading data.

Therefore, the correct sequence of tasks to accomplish the objective is option B: 3 > 2 > 1 > 4.
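The mount described in step 5, as an added example that is not part of the original page: it consumes what the earlier steps produce (the app's client ID, the client secret read from the Key Vault-backed secret scope) and only works once the role assignment exists. The scope, key, account, container and GUID values are constructed placeholders, and `dbutils` is passed in as a parameter so the logic can also be exercised outside a Databricks notebook.

```python
import re

# Constructed placeholder identifiers (assumptions, not values from the page).
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def build_oauth_configs(get_secret, scope, key, client_id, tenant_id):
    """Return ABFS OAuth settings; the client secret comes only from the secret scope."""
    for name, value in (("client_id", client_id), ("tenant_id", tenant_id)):
        if not GUID.match(value):
            raise ValueError(f"{name} is not a GUID")
    # In a notebook get_secret is dbutils.secrets.get; the secret is never a literal.
    secret = get_secret(scope=scope, key=key)
    if not secret:
        raise ValueError("secret scope returned an empty client secret")
    return {
        "fs.azure.account.auth.type": "OAuth",
        "fs.azure.account.oauth.provider.type":
            "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider",
        "fs.azure.account.oauth2.client.id": client_id,
        "fs.azure.account.oauth2.client.secret": secret,
        "fs.azure.account.oauth2.client.endpoint":
            f"https://login.microsoftonline.com/{tenant_id}/oauth2/token",
    }


def mount_adls(dbutils, account, container, mount_point, scope, key,
               client_id=CLIENT_ID, tenant_id=TENANT_ID):
    """Mount abfss://container@account once; return False if already mounted."""
    if any(m.mountPoint == mount_point for m in dbutils.fs.mounts()):
        return False  # idempotent: do not remount or re-read the secret
    configs = build_oauth_configs(dbutils.secrets.get, scope, key,
                                  client_id, tenant_id)
    dbutils.fs.mount(
        source=f"abfss://{container}@{account}.dfs.core.windows.net/",
        mount_point=mount_point,
        extra_configs=configs,
    )
    return True
```

In a notebook the call would be `mount_adls(dbutils, "<account>", "<container>", "/mnt/<name>", "<scope>", "<key>")`; a 403 on first read after a successful mount usually means the role assignment from the earlier step is missing or has not propagated yet.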