DP-201 Exam QuestionsBrowse all questions from this exam
Go to Exam

DP-201 Exam - Question 29

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You plan to store delimited text files in an Azure Data Lake Storage account that will be organized into department folders.

You need to configure data access so that users see only the files in their respective department folder.

Solution: From the storage account, you disable a hierarchical namespace, and you use access control lists (ACLs).

Does this meet the goal?

Show Answer
Correct Answer: B

To ensure users see only the files in their respective department folder in Azure Data Lake Storage, it is necessary to utilize hierarchical namespace (HNS). Disabling HNS will prevent the use of access control lists (ACLs), which are essential for fine-grained access control at the folder level. Therefore, disabling HNS does not meet the goal of configuring data access appropriately for this scenario.

Discussion

20 comments
Sign in to comment
passnow
Jul 27, 2020

sometimes u guys commenting confuse people

kempstonjoystick
Apr 1, 2020

The question is unclear in this instance, as it doesn't specify whether the ADLS is v1 or v2. For v1, Hierarchical namespaces must be off, for v2 they need to be on: "Do I have to enable support for ACLs? No. Access control via ACLs is enabled for a storage account as long as the Hierarchical Namespace (HNS) feature is turned ON." https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control

samok
Apr 6, 2020

You are correct. I believe this is an old question, before Gen2 was available. In current exams, they ought to specify which Gen they are referring to.

M0e
Oct 23, 2020

I think Gen 1 is not covered in the exams any more. So having the assumption that the question talks about Gen 2, the answer here is No.

M0e
Oct 23, 2020

I think Gen 1 is not covered in the exams any more. So having the assumption that the question talks about Gen 2, the answer here is No.

Yaswant
Aug 10, 2020

Enable heirarchial namespace and use ACL's This is the one of the option i got in recent exam.

Porus
Aug 27, 2020

whats the answer

treebeard
Oct 8, 2020

This is what I found @ MS Docs: 'Access control via ACLs is enabled for a storage account as long as the Hierarchical Namespace (HNS) feature is turned ON. If HNS is turned OFF, the Azure RBAC authorization rules still apply.' Ref: https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control

treebeard
Oct 8, 2020

This is what I found @ MS Docs: 'Access control via ACLs is enabled for a storage account as long as the Hierarchical Namespace (HNS) feature is turned ON. If HNS is turned OFF, the Azure RBAC authorization rules still apply.' Ref: https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control

Leonido
Apr 25, 2020

Have a practical case with it. The answer with Gen2 is exactly the opposite than stated here: Enable HNS, SET ACL (default and the specific)

sunil_kalra
Dec 22, 2020

It is written in first FAQ https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control FAQ Do I have to enable support for ACLs? No. Access control via ACLs is enabled for a storage account as long as the Hierarchical Namespace (HNS) feature is turned ON. If HNS is turned OFF, the Azure Azure RBAC authorization rules still apply.

[Removed]
May 10, 2020

The answer should be NO: Do I have to enable support for ACLs? No. Access control via ACLs is enabled for a storage account as long as the Hierarchical Namespace (HNS) feature is turned ON. If HNS is turned OFF, the Azure RBAC authorization rules still apply.

sdas1
Jan 31, 2021

Refer: https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control Access control via ACLs is enabled for a storage account as long as the Hierarchical Namespace (HNS) feature is turned ON. If HNS is turned OFF, the Azure Azure RBAC authorization rules still apply.

BobFar
May 20, 2021

that is exactly what I found https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control

HeB
May 4, 2020

This answer should be NO, since HNS has be turned ON to enable ACL. When you disable HNS, Azure RBAC rules still apply, see: https://docs.microsoft.com/nl-nl/azure/storage/blobs/data-lake-storage-access-control#common-questions-about-acls-in-data-lake-storage-gen2. And with RBAC rules for Azure Data Lake Storage Gen 2, you are able to set access on container and blob level, see: https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-portal?toc=%2fazure%2fstorage%2fblobs%2ftoc.json

mohowzeh
Jan 11, 2021

In storage V2, you can only create ACL's on a container with hierarchical namespace enabled. You cannot disable hierarchical namespace and have an ACL at the same time. Hence, the goal is not met. Test this yourself in Azure. Create two storage accounts: one with hierarchical namespace disabled (the "blob account"), and one with it enabled (the "data lake account"). Create a container in each. Install Azure Data Explorer on your local machine, then follow the instructions on this page: https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-explorer#managing-access You will see that ACL's are an option on the data lake container, but not on the blob container. Hence, disabling the hierarchical namespace makes it impossible to have an ACL on the containers in that account. The configuration as given in the question is therefore not meeting the goal.

BobFar
May 20, 2021

Do I have to enable support for ACLs? No. Access control via ACLs is enabled for a storage account as long as the Hierarchical Namespace (HNS) feature is turned ON. If HNS is turned OFF, the Azure Azure RBAC authorization rules still apply. https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control

yilpiz
Aug 29, 2020

Question clearly states Azure Data Lake Storage. Why he is talking about blob?

rmk4ever
Sep 14, 2020

New update: https://docs.microsoft.com/en-us/azure/storage/blobs/recursive-access-control-lists?tabs=azure-powershell

syu31svc
Dec 8, 2020

Answer is No; enable not disable the namespace

BungyTex
Dec 11, 2020

It clearly says the data is arranged into folders by department. If you don't have HNS you don't have the folders.

sturcu
Jan 18, 2021

The Question n is out dated, it refresh to gen1. In gen2 there is no need to Disable Hierarchical Namespace

sd_dp200
Jan 24, 2021

isn't hierarchical namespace a fundamental property of data lake storage that separates it from blob storage type? why are they saying disable HNS then?

cadio30
Jun 2, 2021

in ADLS Gen 1, there is no such feature that could disable the HNS while in Gen 2 this is possible.

Apox
Apr 27, 2021

I believe the answer should be "YES": The requirement is that data is organized into folders (hence, you have to enable hierarchical namespace") and the users should only see their respective folders. The only way to give users fine-grained access to folders in ADLS Gen2 is to use Access Control Lists. If this is not used you will have to use RBAC and this can only give access to ALL of the data in a storage account or ALL of the data in the container, which will not fulfill the requirement. It is also unlikely that Shared Access Signatures (SAS) should be used. The reason is that this is internal and you want to have a concept of who actually access what (and they likely have users set up in AAD). SAS is more often used in the context of applications than users, and therefore this is not the right answer either. Hence, hierarchical namespace and ACL should be used and the answer to this question is "YES".

BobFar
May 20, 2021

what about this ? Do I have to enable support for ACLs? No. Access control via ACLs is enabled for a storage account as long as the Hierarchical Namespace (HNS) feature is turned ON. If HNS is turned OFF, the Azure Azure RBAC authorization rules still apply. in the below link? https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control

cadio30
May 21, 2021

From the question standpoint, it is pertaining to ADLS Gen 2 in which is it requires to enable the "hierarchical namespace" to utilize the functionality of Data Lake then we could configure the ACL in the folder level. Therefore, the answer is NO.

Ous01
May 28, 2021

One the storage account is created. We can't enable or disable Namespace. The storage account must be re-created. I don't understand why the answer is Yes. It should be no in my opinion.

azurenav
Jun 23, 2021

Enable HNS and ACL -- This is 100% correct

eurekamike
Jun 28, 2021

enable hierarchical namespace, then access control lists

satyamkishoresingh
Aug 12, 2021

Solution: From the storage account, you disable a hierarchical namespace, and you use access control lists (ACLs). if disable hierarchical namespace , then the case has to be NO