Setting up a user-assigned managed identity

The recommended way to set up permissions for the Azure Blob File System driver (ABFS) is to use a managed identity. Follow these steps to create and set up a user-assigned managed identity.

1. Create a user-assigned managed identity

You must set up a user-assigned managed identity and record the Client ID and Object ID.

  1. Go to the Azure portal > Managed Identities.

  2. Click Add and create a new user-assigned managed identity.

  3. Record the Client ID and Object ID shown for the managed identity.

2. Add managed identity to storage account
  1. Go to Azure portal > Storage Accounts.

  2. Select a storage account and then click Container.

  3. Select a container and on the left panel click Access Control (IAM).

  4. Click Role assignments and then click Add.

  5. Grant the Reader role to the managed identity. Select the managed identity from the Select list.

  6. From the Storage Explorer view, select a directory and then click Manage Access.

  7. Copy and paste the Object ID of the managed identity into the Add user, group, or service principal box. You can get the Object ID from the corresponding Managed Identity page.

  8. Select Read and Execute permissions for Access as well as for Default and then click Save.
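
A check for the result of step 8, as an added example that is not part of the original documentation: it parses a directory ACL in the short text form that ADLS Gen2 uses and reports whether the managed identity has Read and Execute, and nothing more, in both the Access and Default scopes. The Object ID and ACL strings are constructed sample values, and the function names are hypothetical.

```python
# Added example. Object ID and ACL strings are constructed sample values.
OID = "00000000-0000-0000-0000-000000000001"
BASE = "user::rwx,user:{o}:{p},group::r-x,mask::{m},other::---"
DEFAULT = (",default:user::rwx,default:user:{o}:{p},default:group::r-x,"
           "default:mask::{m},default:other::---")
GOOD = (BASE + DEFAULT).format(o=OID, p="r-x", m="r-x")
NO_DEFAULT = BASE.format(o=OID, p="r-x", m="r-x")       # Default scope not set
MASKED = (BASE + DEFAULT).format(o=OID, p="r-x", m="r--")  # mask removes execute
TOO_BROAD = (BASE + DEFAULT).format(o=OID, p="rwx", m="rwx")


def parse_acl(acl):
    """Split an ACL string into {(scope, type, qualifier): perms}."""
    entries = {}
    for item in acl.split(","):
        parts = item.strip().split(":")
        scope = "access"
        if parts[0] == "default":
            scope, parts = "default", parts[1:]
        if len(parts) != 3:
            raise ValueError(f"malformed ACL entry: {item!r}")
        kind, qualifier, perms = parts
        entries[(scope, kind, qualifier)] = perms
    return entries


def check_identity(acl, object_id, wanted="r-x"):
    """Return a list of findings; an empty list means the ACL matches step 8."""
    entries = parse_acl(acl)
    findings = []
    for scope in ("access", "default"):
        perms = entries.get((scope, "user", object_id))
        if perms is None:
            findings.append(f"{scope}: no entry for {object_id}")
            continue
        # A named-user entry is limited by the mask entry, if one is present.
        mask = entries.get((scope, "mask", ""), "rwx")
        effective = "".join(p if p == m else "-" for p, m in zip(perms, mask))
        if "w" in perms:
            findings.append(f"{scope}: write granted ({perms}), more than required")
        missing = [w for w, e in zip(wanted, effective) if w != "-" and e != w]
        if missing:
            findings.append(f"{scope}: effective {effective}, missing {''.join(missing)}")
    return findings


if __name__ == "__main__":
    for name in ("GOOD", "NO_DEFAULT", "MASKED", "TOO_BROAD"):
        print(name, check_identity(globals()[name], OID) or "ok")
```

A missing Default entry means directories and files created later under this directory will not inherit the identity's permissions.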

3. Add managed identity to Unravel VM
  1. Go to the Azure portal and click Virtual Machines.

  2. Select the VM to which you want to add the managed identity.

  3. Under Settings, click Identity.

  4. Select the User assigned tab and then click Add user assigned managed identity.

  5. From the list, select the managed identity and click Add.

4. Add ABFS properties to unravel.properties

Refer to Properties for ADLS Gen 2 (ABFS)