Azure Fine-grained Access ControlPDF version

Creating Ranger RAZ managed identity for RAZ-enabled Azure environment

In addition to creating the required managed identities, you should create an additional managed identity named Ranger RAZ for RAZ-enabled Azure environment. You can also optionally create a custom role that can be used instead of Storage Blob Data Owner.

You can create the required managed identities as described in Minimal setup for cloud storage, and then create the following managed identity to use RAZ in Azure environment.

Managed identity Managed identity is used for Roles to assign to the managed identity

Ranger RAZ

Storage Account
  1. Perform the following steps to create the Ranger RAZ managed identity using Azure Portal:
    1. On Azure Portal, navigate to Managed Identities.
    2. Click +New.
    3. Select the Resource group used for Cloudera.
    4. Select your environment’s Region.
    5. Specify managed identity Name. For example, Ranger RAZ.
    6. Provide tags if required by your organization.
    7. Click Review + create.
  2. Perform the following steps to assign the two roles to the Ranger RAZ managed identity on the scope of the storage account created for Cloudera:
    1. In your Azure Portal, navigate to the Storage accounts > [***your storage account***] > Access Control (IAM) page.
    2. Click +Add > Add role assignment.
    3. In the Add role assignment section, choose the following options:
      1. Select Storage Blob Data Owner as Role.
      2. Select User assigned managed identity as Assign access to.
      3. Select the Ranger RAZ managed identity that you created earlier.
      4. Click Save.
    4. To assign the Storage Blob Delegator role to Ranger RAZ managed identity, repeat steps a through c.

We want your opinion

How can we improve this page?

What kind of feedback do you have?