Data access configuration

Important

This feature is in Public Preview. Contact your Azure Databricks representative to request access.

This article describes the data access configurations performed by Azure Databricks SQL Analytics administrators for all SQL endpoints.

Important

Changing these settings restarts all running SQL endpoints.

Allow endpoints to access storage

To configure all endpoints to use an Azure service principal to access Azure storage, set the following properties in the data access configuration.

  1. Create an Azure AD application and service principal that can access resources. Note the following properties:

    • application-id: An ID that uniquely identifies the application.
    • directory-id: An ID that uniquely identifies the Azure AD instance.
    • storage-account-name: The name of the storage account.
    • service-credential: A string that the application uses to prove its identity.
  2. Register the service principal, granting the correct role assignment, such as Storage Blob Data Contributor, on the Azure Data Lake Storage Gen2 account.

  3. Configure the following properties in Data access properties:

    spark.hadoop.fs.azure.account.auth.type.<storage-account-name>.dfs.core.windows.net OAuth
    spark.hadoop.fs.azure.account.oauth.provider.type.<storage-account-name>.dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
    spark.hadoop.fs.azure.account.oauth2.client.id.<storage-account-name>.dfs.core.windows.net <application-id>
    spark.hadoop.fs.azure.account.oauth2.client.secret.<storage-account-name>.dfs.core.windows.net {{secrets/<scope-name>/<secret-name>}}
    spark.hadoop.fs.azure.account.oauth2.client.endpoint.<storage-account-name>.dfs.core.windows.net https://login.microsoftonline.com/<directory-id>/oauth2/token
    

    where <secret-name> is the key of the secret that contains the service principal secret, and <scope-name> is the scope that contains that secret key.

Data access properties

The data access setting allows an Azure Databricks SQL Analytics administrator to configure all endpoints with data access properties.

  1. Click the User Settings icon at the bottom of the sidebar and select Settings.
  2. Click the SQL Endpoint Settings tab.
  3. In the Data Access Configuration textbox, specify key-value pairs containing metastore properties.
  4. Click Save.

Supported properties

  • spark.sql.hive.metastore.*
  • spark.sql.warehouse.dir
  • spark.hadoop.datanucleus.*
  • spark.hadoop.fs.*
  • spark.hadoop.hive.*
  • spark.hadoop.javax.jdo.option.*
  • spark.hive.*

For details on how to set these properties, see External Hive metastore.