You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/hdinsight/hdinsight-storage-sharedaccesssignature-permissions.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -34,7 +34,7 @@ HDInsight has full access to data in the Azure Storage accounts associated with
34
34
35
35
* If using C#, Visual Studio must be version 2013 or higher.
36
36
37
-
* The [URI scheme](./hdinsight-hadoop-linux-information.md#URI-and-scheme) for your storage account. This would be `wasb://` for Azure Storage, `abfs://` for Azure Data Lake Storage Gen2 or `adl://` for Azure Data Lake Storage Gen1. If secure transfer is enabled for Azure Storage, the URI would be `wasbs://`. See also, [secure transfer](../storage/common/storage-require-secure-transfer.md).
37
+
* The [URI scheme](./hdinsight-hadoop-linux-information.md#URI-and-scheme) for your storage account. This scheme would be `wasb://` for Azure Storage, `abfs://` for Azure Data Lake Storage Gen2 or `adl://` for Azure Data Lake Storage Gen1. If secure transfer is enabled for Azure Storage, the URI would be `wasbs://`. See also, [secure transfer](../storage/common/storage-require-secure-transfer.md).
38
38
39
39
* An existing HDInsight cluster to add a Shared Access Signature to. If not, you can use Azure PowerShell to create a cluster and add a Shared Access Signature during cluster creation.
40
40
@@ -49,11 +49,11 @@ HDInsight has full access to data in the Azure Storage accounts associated with
49
49
50
50
There are two forms of Shared Access Signatures:
51
51
52
-
* Ad hoc: The start time, expiry time, and permissions for the SAS are all specified on the SAS URI.
52
+
*`Ad hoc`: The start time, expiry time, and permissions for the SAS are all specified on the SAS URI.
53
53
54
-
* Stored access policy: A stored access policy is defined on a resource container, such as a blob container. A policy can be used to manage constraints for one or more shared access signatures. When you associate a SAS with a stored access policy, the SAS inherits the constraints - the start time, expiry time, and permissions - defined for the stored access policy.
54
+
*`Stored access policy`: A stored access policy is defined on a resource container, such as a blob container. A policy can be used to manage constraints for one or more shared access signatures. When you associate a SAS with a stored access policy, the SAS inherits the constraints - the start time, expiry time, and permissions - defined for the stored access policy.
55
55
56
-
The difference between the two forms is important for one key scenario: revocation. A SAS is a URL, so anyone who obtains the SAS can use it, regardless of who requested it to begin with. If a SAS is published publicly, it can be used by anyone in the world. A SAS that is distributed is valid until one of four things happens:
56
+
The difference between the two forms is important for one key scenario: revocation. A SAS is a URL, so anyone who obtains the SAS can use it. It doesn't matter who requested it to begin with. If a SAS is published publicly, it can be used by anyone in the world. A SAS that is distributed is valid until one of four things happens:
57
57
58
58
1. The expiry time specified on the SAS is reached.
59
59
@@ -75,7 +75,7 @@ For more information on Shared Access Signatures, see [Understanding the SAS mod
75
75
76
76
## Create a stored policy and SAS
77
77
78
-
Save the SAS token that is produced at the end of each method. The token will look similar to the following:
78
+
Save the SAS token that is produced at the end of each method. The token will look similar to the following output:
@@ -217,9 +217,9 @@ You may need to execute `pip install --upgrade azure-storage` if you receive the
217
217
218
218
## Use the SAS with HDInsight
219
219
220
-
When creating an HDInsight cluster, you must specify a primary storage account and you can optionally specify additional storage accounts. Both of these methods of adding storage require full access to the storage accounts and containers that are used.
220
+
When creating an HDInsight cluster, you must specify a primary storage account. You can also specify additional storage accounts. Both of these methods of adding storage require full access to the storage accounts and containers that are used.
221
221
222
-
To use a Shared Access Signature to limit access to a container, add a custom entry to the **core-site** configuration for the cluster. You can add the entry during cluster creation using PowerShell or after cluster creation using Ambari.
222
+
Use a Shared Access Signature to limit container access. Add a custom entry to the **core-site** configuration for the cluster. You can add the entry during cluster creation using PowerShell or after cluster creation using Ambari.
0 commit comments