Disclaimer. Services are changing – please always check with the official Microsoft documentation before applying in practice.

Recently I was asked by several customers to explain the authentication features of Azure Data Lake Storage Gen2 and how they are used together. Honestly speaking I was a bit puzzled. “Everything should be in the documentation. It should be obvious” – I thought for myself.

But when I was trying to compile something from existing materials I have suddenly discovered that it might be a bit confusing and requires some time just to get through all the options. So, I have created a short diagram.

Sorry wrong diagram – the real one below.

Just to recap very quickly.

The authentication against ADLS Gen2 can be done with or without identity. The rights can be granted on several levels of the resource hierarchy and different methods have different granularity of permissions. Permissions may or may not have inheritance. As simple as that.

And remember you can always refer to the official documentation which is much more detailed. Also follow the updates here. In case some functionality is missing please feel free to vote / propose it here.

Have a nice and productive week!