1 Vote
ManuelBustamante-5839 asked ManuelBustamante-6235 commented

Azure Purview - Data access policy pre-requirements


tutorial-data-owner-policies-storage


I have some questions concerning the pre-requirements mentioned in the link above:

  1. Where can I see the storage account version (81.X.X)?

  2. Does this mean that I cannot create Purview data policies for my existing storage accounts? Should I create a new one and move all my data to the new one? I have more than 50TB and several ADF/Synapse pipelines, not to mention that my final users access the storage account via serverless views. Is there any method to activate this feature in old storage accounts? Is there something in the roadmap concerning this?




azure-purview

Hello @ManuelBustamante-5839,

Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.



0 Votes 0 ·

Hi @PRADEEPCHEEKATLA-MSFT ,

As you said in your post of last week.

"UPDATE: (06/07/2022): Here is the response from the product team: It applies to both Blob Storage and ADLS Gen2. The Storage team is completing the roll-out that removes this restriction in the next few days. A good portion of Storage tenants have already been completed and for those policies can be enforced in older Storage accounts."

Right now, I still cannot activate the policies on older storage accounts. I'll wait a few days and test it again. I'll keep you updated.

1 Vote 1 ·

1 Answer

0 Votes
PRADEEPCHEEKATLA-MSFT answered PRADEEPCHEEKATLA-MSFT edited

Hello @ManuelBustamante-5839,

Thanks for the question and using MS Q&A platform.

UPDATE: (06/07/2022): Here is the response from the product team: It applies to both Blob Storage and ADLS Gen2. The Storage team is completing the roll-out that removes this restriction in the next few days. A good portion of Storage tenants have already been completed and for those policies can be enforced in older Storage accounts.



Regarding the storage account version, we are reaching out to the internal team to get more details on this.

As per the repro from our end, you can create Purview data policies for your existing storage accounts.

Here are the steps to create Purview data policies for your existing storage accounts:

Currently, Microsoft Purview access policies can only be enforced in the following Azure Storage regions: (Which means the storage account should be in this region).

  • France Central
  • Canada Central
  • East US
  • East US2
  • South Central US
  • West US
  • West US2
  • North Europe
  • West Europe
  • UK South
  • Southeast Asia
  • Australia East

Step 1: Enable access policy enforcement for the Azure Storage account.

If you’re executing these commands locally, be sure to run PowerShell as an administrator. Alternatively, you can use the Azure Cloud Shell in the Azure portal: https://shell.azure.com

    # Install the Az module for the current user
    Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
    # Log in to the subscription (replace the placeholder with your subscription ID)
    Connect-AzAccount -Subscription "<SubscriptionID>"
    # Register the feature that lets Purview policies be enforced on Azure Storage
    Register-AzProviderFeature -FeatureName AllowPurviewPolicyEnforcement -ProviderNamespace Microsoft.Storage

Step 2: Go to the Data Map section => Sources => Registered data sources and enable the Data use management option as shown below:

[Image: 200836-purview-datauseenable.gif]

Step 3: Go to the Data Policy and create a data policy as shown below:

[Image: 200884-purview-blobaccess.gif]

Hope this will help. Please let us know if any further queries.


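A pre-flight check for the steps in the answer above, as an added example that is not part of the original answer or of Microsoft's documentation: it confirms that the Step 1 feature registration has completed and inventories each storage account's region, ADLS Gen2 flag and creation time against the region list given in the answer. It assumes the Az module is installed and Connect-AzAccount has already been run; the region codes are the standard Azure location names for the listed regions.

```powershell
# Added example, not from the original thread.
# Assumes: Az module installed, Connect-AzAccount already run.

# Azure location codes for the regions listed in the answer above.
$SupportedRegions = @(
    'francecentral', 'canadacentral', 'eastus', 'eastus2', 'southcentralus',
    'westus', 'westus2', 'northeurope', 'westeurope', 'uksouth',
    'southeastasia', 'australiaeast'
)

# Feature registration is asynchronous: confirm it has reached "Registered".
$feature = Get-AzProviderFeature -FeatureName AllowPurviewPolicyEnforcement `
    -ProviderNamespace Microsoft.Storage
Write-Host "AllowPurviewPolicyEnforcement: $($feature.RegistrationState)"
if ($feature.RegistrationState -ne 'Registered') {
    Write-Warning 'Feature is not registered yet; access policies will not be enforced.'
}

# Inventory every storage account in the current subscription.
$report = Get-AzStorageAccount | ForEach-Object {
    # Normalise "East US" / "eastus" style values to the location code.
    $location = ($_.Location -replace '\s', '').ToLower()
    [pscustomobject]@{
        Name            = $_.StorageAccountName
        ResourceGroup   = $_.ResourceGroupName
        Location        = $location
        RegionSupported = $SupportedRegions -contains $location
        # Hierarchical namespace enabled means the account is ADLS Gen2.
        IsAdlsGen2      = [bool]$_.EnableHierarchicalNamespace
        Created         = $_.CreationTime
    }
}

# Oldest accounts first, since the thread reports problems with older accounts.
$report | Sort-Object Created | Format-Table -AutoSize

# Accounts that cannot be covered by a policy because of their region.
$outOfRegion = @($report | Where-Object { -not $_.RegionSupported })
if ($outOfRegion.Count -gt 0) {
    Write-Warning "$($outOfRegion.Count) account(s) are outside the supported regions:"
    $outOfRegion | Select-Object Name, Location | Format-Table -AutoSize
}
```

The script only reports creation time and the ADLS Gen2 flag; the thread gives no cutoff date or way to read the 81.X.X version, so it does not decide whether an older account is eligible.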

Here for the answer for the first question as well. I've tried looking for this version number myself through the portal, Azure CLI, and Azure PowerShell and was not able to find this information.


Where can I see the storage account version (81.X.X)?



0 Votes 0 ·

Hi @PRADEEPCHEEKATLA-MSFT.

Thank you for taking the time to answer my question.

But unfortunately, what you are saying is contrary to what the official Microsoft documentation says:
https://docs.microsoft.com/en-us/azure/purview/tutorial-data-owner-policies-storage#enable-access-policy-enforcement-for-the-azure-storage-account

I followed all the steps you mentioned with a test user account, and the only way to make it work was creating a new storage account.

0 Votes 0 ·

Hello @ManuelBustamante-5839,

Yes, the document is quite confusing. I had reached out to the doc owner to update the document as appropriate.

As per the above answer, I had used the Azure Storage account named analyticssharedblob, which was created on 8/6/2019, 3:20:29 AM.

0 Votes 0 ·

Hello @PRADEEPCHEEKATLA-MSFT ,

I still can't manage to create data policies in older storage accounts. The only difference I see is that you are giving access to a storage account and not a Data Lake Gen 2. Could you please try again with a Data Lake Gen 2?

Thank you in advance,

0 Votes 0 ·

Hello @ManuelBustamante-5839,

Yes, you are correct. For ADLS Gen2 accounts, it allows only newly created storage accounts.

0 Votes 0 ·

Hello @ManuelBustamante-5839,

Here is the response from the product team: It applies to both Blob Storage and ADLS Gen2. The Storage team is completing the roll-out that removes this restriction in the next few days. A good portion of Storage tenants have already been completed and for those policies can be enforced in older Storage accounts.

0 Votes 0 ·