尝试从数据湖 gen1 复制到 Blob 存储时,数据工厂给了我这个错误:
"message": "Failure happened on 'Sink' side. ErrorCode=UserErrorFailedFileOperation,
'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Upload file failed at
path myblobcontainer\\file_that_im_tryin_to_copy.xml.,Source=Microsoft.DataTransfer.Common,''Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Failed to read a 'AzureDataLakeStore' file. File path: 'SourceFolderInDataLake/2019/09/26/SomeOtherFile.usql'.,Source=Microsoft.DataTransfer.ClientLibrary,''Type=System.Net.WebException,Message=The remote server returned an error: (403) Forbidden.
我有一个U-SQL Script
将执行的活动1-Patient.usql
:
下一个活动是一个copy data
步骤:
来源
下沉
我已经使用本教程配置了角色/权限。
我可以通过以下方式解决此问题Data Explorer --> Access
:
然后我点击Advanced
:
单击Apply to all children
后,复制工作正常!
Please note that prior to the Copy Data
activity, data factory is executing usql
script inside of the gen1
. The script is stored in gen1, and it generates files inside of data lake as well as folders. There is never any permissions issue running this script.
What am I doing wrong?
I can reproduce your issue. Actually the Apply folder permissions to sub-folders
is not necessary. The issue should be caused by the access control of data lake gen1, the key to the problem is the order in which files are uploaded and permissions are set.
You could check the Access control in Azure Data Lake Storage Gen1 first and refer to the information below which was based my test.
I suppose you add the permissions like below to the root /
.
If your file is already existing before setting the permission, it will be affected by the operation, i.e. the access to the file will be set, you can access the file.
But if you upload the file or create a new folder after setting the permission, the folder and file will not have the access, you will not be able to access them. You could select the file, click the Access
to check directly.
After setting the permission above, then if you set the A default permission entry
, it will not affect the existing folders and files, but if you create new folders and files, you will get the access of all of them. i.e. the old folder and file still have not access, the new ones will have access. If you want to get the access to the old ones, just add the permissions like the screenshot again, the Apply folder permissions to sub-folders
is the same logic.
所以总而言之,如果您希望您的服务主体/MSI 访问数据湖中的所有文件,您可以添加第三个选项An access permission entry and a default permission entry
,然后您将能够访问现有和新文件夹/文件。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句