You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -118,7 +119,7 @@ Azure AD application authentication is the simplest and most common authenticati
118
119
Grant the following privileges on an Azure Data Explorer cluster:
119
120
120
121
* For reading (data source), the Azure AD identity must have *viewer* privileges on the target database, or *admin* privileges on the target table.
121
-
* For writing (data sink), the Azure AD identity must have *ingestor* privileges on the target database. It must also have *user* privileges on the target database to create new tables. If the target table already exists, you can configure *admin* privileges on the target table.
122
+
* For writing (data sink), the Azure AD identity must have *ingestor* privileges on the target database. It must also have *user* privileges on the target database to create new tables. If the target table already exists, you must configure *admin* privileges on the target table.
122
123
123
124
For more information on Azure Data Explorer principal roles, see [role-based authorization](/azure/kusto/management/access-control/role-based-authorization). For managing security roles, see [security roles management](/azure/kusto/management/security-roles).
124
125
@@ -175,7 +176,7 @@ For more information on Azure Data Explorer principal roles, see [role-based aut
175
176
import java.util.concurrent.TimeUnit
176
177
import org.apache.spark.sql.streaming.Trigger
177
178
178
-
// Set up a checkpoint and disable codeGen. Set up a checkpoint and disable codeGen as a workaround for an known issue
@@ -219,7 +220,8 @@ For more information on Azure Data Explorer principal roles, see [role-based aut
219
220
display(df2)
220
221
```
221
222
222
-
1. Optional: If **you** provide the transient blob storage (and not Microsoft) for reading [large amounts of data](/azure/kusto/concepts/querylimits), you must provide the storage container SAS key, or storage account name, account key, and container name.
223
+
1. Optional: If **you** provide the transient blob storage (and not Azure Data Explorer) the blobs are created are under the caller's responsibility. This includes provisioning the storage, rotating access keys, deleting transient artifacts etc.
224
+
The KustoBlobStorageUtils module contains helper functions for deleting blobs based on either account and container coordinates and account credentials, or a full SAS URL with write, read and list permissions. When the corresponding RDD is no longer needed, each transaction stores transient blob artifacts in a separate directory. This directory is captured as part of read-transaction information logs reported on the Spark Driver node.
223
225
224
226
```scala
225
227
// Use either container/account-key/account name, or container SaS
@@ -251,7 +253,7 @@ For more information on Azure Data Explorer principal roles, see [role-based aut
251
253
display(dfFiltered)
252
254
```
253
255
254
-
* If **Microsoft** provides the transient blob storage, read from Azure Data Explorer as follows:
256
+
* If **Azure Data Explorer** provides the transient blob storage, read from Azure Data Explorer as follows:
255
257
256
258
```scala
257
259
val dfFiltered = df2
@@ -266,4 +268,4 @@ For more information on Azure Data Explorer principal roles, see [role-based aut
266
268
## Next steps
267
269
268
270
* Learn more about the [Azure Data Explorer Spark Connector](https://github.com/Azure/azure-kusto-spark/tree/master/docs)
0 commit comments