Data access configuration

Important

This feature is in Public Preview. Contact your Azure Databricks representative to request access.

This article describes the data access configurations performed by Azure Databricks SQL Analytics administrators for all SQL endpoints.

Important

Changing these settings restarts all running SQL endpoints.


Allow endpoints to access storage

To configure all endpoints to use an Azure service principal to access Azure storage, set the following properties in the data access configuration.

  1. Create an Azure AD application and service principal that can access resources. Note the following properties:

    • application-id: An ID that uniquely identifies the application.
    • directory-id: An ID that uniquely identifies the Azure AD instance.
    • storage-account-name: The name of the storage account.
    • service-credential: A string that the application uses to prove its identity.
  2. Register the service principal, granting it the correct role assignment, such as Storage Blob Data Contributor, on the Azure Data Lake Storage Gen2 account.

  3. Configure the following properties in Data access properties:

    spark.hadoop.fs.azure.account.auth.type.<storage-account-name>.dfs.core.windows.net OAuth
    spark.hadoop.fs.azure.account.oauth.provider.type.<storage-account-name>.dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
    spark.hadoop.fs.azure.account.oauth2.client.id.<storage-account-name>.dfs.core.windows.net <application-id>
    spark.hadoop.fs.azure.account.oauth2.client.secret.<storage-account-name>.dfs.core.windows.net {{secrets/<scope-name>/<secret-name>}}
    spark.hadoop.fs.azure.account.oauth2.client.endpoint.<storage-account-name>.dfs.core.windows.net https://login.microsoftonline.com/<directory-id>/oauth2/token
    

    where <secret-name> is the key of the secret containing the service principal credential, and <scope-name> is the secret scope that contains that key.
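For illustration, a filled-in configuration might look like the following. The storage account name, secret scope, and secret key shown here are hypothetical placeholder values, not values from this article:

    spark.hadoop.fs.azure.account.auth.type.mystorageacct.dfs.core.windows.net OAuth
    spark.hadoop.fs.azure.account.oauth.provider.type.mystorageacct.dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
    spark.hadoop.fs.azure.account.oauth2.client.id.mystorageacct.dfs.core.windows.net <application-id>
    spark.hadoop.fs.azure.account.oauth2.client.secret.mystorageacct.dfs.core.windows.net {{secrets/my-scope/my-sp-secret}}
    spark.hadoop.fs.azure.account.oauth2.client.endpoint.mystorageacct.dfs.core.windows.net https://login.microsoftonline.com/<directory-id>/oauth2/token

Note that the service principal secret is never written in plain text; the {{secrets/...}} syntax resolves it from the secret scope at runtime.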

Data access properties

The data access setting allows an Azure Databricks SQL Analytics administrator to configure all endpoints with data access properties.

  1. Click the User Settings icon at the bottom of the sidebar and select Settings.
  2. Click the SQL Endpoint Settings tab.
  3. In the Data Access Configuration textbox, specify key-value pairs containing metastore properties.
  4. Click Save.

Supported properties

  • spark.sql.hive.metastore.*
  • spark.sql.warehouse.dir
  • spark.hadoop.datanucleus.*
  • spark.hadoop.fs.*
  • spark.hadoop.hive.*
  • spark.hadoop.javax.jdo.option.*
  • spark.hive.*
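As a sketch of how these prefixes combine in practice, a Data Access Configuration pointing endpoints at an external Hive metastore might look like the following. The JDBC URL, driver, user, and metastore version are hypothetical placeholders; substitute the values for your own metastore:

    spark.sql.hive.metastore.version 2.3.7
    spark.sql.hive.metastore.jars builtin
    spark.hadoop.javax.jdo.option.ConnectionURL jdbc:sqlserver://<host>:1433;database=<db>
    spark.hadoop.javax.jdo.option.ConnectionDriverName com.microsoft.sqlserver.jdbc.SQLServerDriver
    spark.hadoop.javax.jdo.option.ConnectionUserName <user>
    spark.hadoop.javax.jdo.option.ConnectionPassword {{secrets/<scope-name>/<secret-name>}}

As with storage credentials, referencing the metastore password through the {{secrets/...}} syntax keeps it out of the plain-text configuration.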

For details on how to set these properties, see External Hive metastore.