To add the Azure Data Lake Gen2 object storage repository with IAM (Identity and Access Management) VM role assignment, you first assign the storage blob data owner role to the Azure VM that you want to use as an access node for the storage account, and then, using the IAM VM role assignment type of authentication, add the object storage repository that contains that VM.
Assign the Storage Blob Data Owner Role to the VM
-
In the Azure portal, using the Azure subscription that is going to be associate to the VM, create or select a Windows or UNIX VM.
-
Turn the system assigned identity on.
-
In the Azure Data Lake Gen2 Storage account, add the storage blob data owner role to the VM to which you want to assign the role.
Add the Repository with IAM VM Role Assignment
-
From the navigation pane, go to Protect > Object storage.
The Object storage page appears.
-
In the upper-right area of the page, click Add object storage.
The Add object storage dialog box appears.
-
Click Azure Data Lake Storage Gen2.
The Add Azure Data Lake Storage Gen2 dialog box appears.
-
Enter the following information:
-
Object storage name: Enter a name for the repository.
-
Host URL: Enter the Azure Data Lake Storage Gen2 service account URL.
For example, enter dfs.core.windows.net.
-
Account name: Enter the name of the Azure Data Lake Storage Gen2 account.
-
Authentication: Select IAM VM role assignment.
-
Access node: Select the VM that has the storage blob data owner role.
-
Plan: Select the server plan to use for the repository.
-
-
Click Save.
Related Topics
For information about how to assign roles to VMs, search for "Configure managed identities for Azure resources on a VM using the Azure portal" in the Microsoft documentation.