The whole time i was also thinking the same, why would i care so much of the security stuff 😀, and you answered it right at the end. You are the best instructor 🤠. Those 2 cases at the end were super useful to recap what we learnt. Thanks a lot!!
Wow such a good explanation. You have mastered it, which would have come with experience. I was a bit confused on the whole security part for dp203, watched your last 4 5 videos, now at least I can relate things. I am glad I found your videos which were uploaded just 1 day back. If possible please make a summary of the last 4 videos. Keep making more content. 👍
hi there, thanks for the ACL details explanation.. it helped to solve my blocker, as IaM role doesn't solve folder level. May I know what device/tools and software you are using to do the drawing in this session? IMO It's beautiful and helps alot to the viewer to understand when you visualized it, rather than just talk. I'll get one, seems nice to use in Online Meeting.
I was commenting before watch till the end of your video.. the last minute of your vid in summary section really on-point.. Always thought why should I bother with Security/Access as I'm a data engineer, not a security/infra guy.. But you are right, the storage is anyhow is Datalake, and sometimes infra team not ready with this question and DE guy has to be the one to solve.. That exact scenario brought me to this vid. Thanks for this kind of content!
27:11 "You shall not pass!!!!" 🤣 Great episode. Btw. is security really that important to know for a Data Engineer? Aren't there teams that manage it or is it solely responsibility of the data engineer?
It depends. In bigger companies it would be handled by the security team. However, if you are one man army, then it's on you. But in my opinion every data engineer should be at least aware that RBAC or ACLs exist.
I'm afraid there is no nice UI button that will show access for a specific user based on ACLs - such feature exists only for RBAC. So to get the access you can: 1. Manually browse through all containers, directories and files and check for ACLs. 2. Automate it somehow and retrieve that data using API.
Thank you very much.. Keep it up sir. Please I want to ask you a question about data factory and synapse analytics. In real life scenario, which one is more robust in terms of cost and user friendly to use base on your experience. Both seem perform the same function even though synapse is unified.
Both of them share the same code base for data factory so basically they are pretty much the same thing. Just please remember that Synapse Analytics has some other features such as Spark or SQL runtimes that don't exist in ADF. I'll talk about it in the 1st episode about Synapse.
Hi Piotr, why should we propagate permissions using Storage Account Explorer instead of using Access Permissions in ACL? Initially, we grant read permissions to already existing files in the specified container. Then, we establish Default Permissions to govern any new file or directory that may be ingested in the future.
Default ACLs work only for newly added objects, so if you would like to set ACLs for existing directories/files you would have to do it in a different way: 1. Do it manually for every object - it will work just fine but if you have a lot of objects then it will take time and will be error prone. 2. OR Set it at the parent and then propagate - it will set ACLs recursively at every level.
The whole time i was also thinking the same, why would i care so much of the security stuff 😀, and you answered it right at the end. You are the best instructor 🤠. Those 2 cases at the end were super useful to recap what we learnt. Thanks a lot!!
Glad I could help!
Great series to learn about Azure Security and the end use case gives fair idea about how to select best from available services !! Thanks Tybul!!
You are right. Thanks for the author.
Amazing explanations!! Thank you so much!
Great explanations as always. Thank you!😊
RBAC and ACLs can be used together to strike the right balance between granularity and ease of management. 🤝
Great explanation! Thanks a lot for sharing (Y) !!
Hi Tybul Thanks for this and this usecase example was great to understand which approach to use and when in real world kind of scenario.
Wow such a good explanation. You have mastered it, which would have come with experience. I was a bit confused on the whole security part for dp203, watched your last 4 5 videos, now at least I can relate things. I am glad I found your videos which were uploaded just 1 day back.
If possible please make a summary of the last 4 videos. Keep making more content. 👍
An update, was able to clear dp203 with 900+. The credit for the journey from 700 to 900 goes to you. Thanks 😊
Congrats! You rock!
great video once again, eagerly await the next one :)
hi there, thanks for the ACL details explanation.. it helped to solve my blocker, as IaM role doesn't solve folder level.
May I know what device/tools and software you are using to do the drawing in this session? IMO It's beautiful and helps alot to the viewer to understand when you visualized it, rather than just talk.
I'll get one, seems nice to use in Online Meeting.
I was commenting before watch till the end of your video..
the last minute of your vid in summary section really on-point..
Always thought why should I bother with Security/Access as I'm a data engineer, not a security/infra guy.. But you are right, the storage is anyhow is Datalake, and sometimes infra team not ready with this question and DE guy has to be the one to solve.. That exact scenario brought me to this vid.
Thanks for this kind of content!
Thanks!
For drawing I use Microsoft Whiteboard and Surface tablet with a pen.
27:11 "You shall not pass!!!!" 🤣 Great episode. Btw. is security really that important to know for a Data Engineer? Aren't there teams that manage it or is it solely responsibility of the data engineer?
It depends. In bigger companies it would be handled by the security team. However, if you are one man army, then it's on you.
But in my opinion every data engineer should be at least aware that RBAC or ACLs exist.
@@TybulOnAzure thanks for clarifying
Nice video, thanks a lot! After the configuration of ACLs, how can I get the list of folders/files that a user can access?
I'm afraid there is no nice UI button that will show access for a specific user based on ACLs - such feature exists only for RBAC.
So to get the access you can:
1. Manually browse through all containers, directories and files and check for ACLs.
2. Automate it somehow and retrieve that data using API.
Thank you very much.. Keep it up sir. Please I want to ask you a question about data factory and synapse analytics. In real life scenario, which one is more robust in terms of cost and user friendly to use base on your experience. Both seem perform the same function even though synapse is unified.
Both of them share the same code base for data factory so basically they are pretty much the same thing. Just please remember that Synapse Analytics has some other features such as Spark or SQL runtimes that don't exist in ADF.
I'll talk about it in the 1st episode about Synapse.
@@TybulOnAzure Thank you very much for your response.
Hi Piotr, why should we propagate permissions using Storage Account Explorer instead of using Access Permissions in ACL? Initially, we grant read permissions to already existing files in the specified container. Then, we establish Default Permissions to govern any new file or directory that may be ingested in the future.
Default ACLs work only for newly added objects, so if you would like to set ACLs for existing directories/files you would have to do it in a different way:
1. Do it manually for every object - it will work just fine but if you have a lot of objects then it will take time and will be error prone.
2. OR Set it at the parent and then propagate - it will set ACLs recursively at every level.
@@TybulOnAzure I've reviewed the video again and now understand. Thank you Piotr for your time and excellent explanation.