Creating Ranger RAZ managed identity for RAZ-enabled Azure environment

In addition to creating the required managed identities, you should create an additional managed identity named Ranger RAZ for a RAZ-enabled Azure environment. You can also optionally create a custom role that can be used instead of Storage Blob Data Owner.

You can create the required managed identities as described in Minimal setup for cloud storage, and then create the following managed identity to use RAZ in an Azure environment.

| Managed identity | Managed identity is used for | Roles to assign to the managed identity |
|---|---|---|
| Ranger RAZ | Storage Account | |

  1. Perform the following steps to create the Ranger RAZ managed identity using Azure Portal:
    a. On Azure Portal, navigate to Managed Identities.
    b. Click +New.
    c. Select the Resource group used for CDP.
    d. Select your environment’s Region.
    e. Specify managed identity Name. For example, Ranger RAZ.
    f. Provide tags if required by your organization.
    g. Click Review + create.
  2. Perform the following steps to assign the two roles to the Ranger RAZ managed identity on the scope of the storage account created for CDP:
    a. In your Azure Portal, navigate to the Storage accounts > [***your storage account***] > Access Control (IAM) page.
    b. Click +Add > Add role assignment.
    c. In the Add role assignment section, choose the following options:
      1. Select Storage Blob Data Owner as Role.
      2. Select User assigned managed identity as Assign access to.
      3. Select the Ranger RAZ managed identity that you created earlier.
      4. Click Save.
    d. To assign the Storage Blob Delegator role to the Ranger RAZ managed identity, repeat steps a through c.
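
After completing the procedure, you can confirm that both roles landed on the storage account scope and nowhere broader. The following check is an added example, not part of the original documentation or of CDP: it audits a JSON list shaped like the output of `az role assignment list --all --assignee <principalId> -o json`. The subscription, resource group, storage account and principal ID values are constructed placeholders, and if you use a custom role instead of Storage Blob Data Owner, pass its name through `required`.

```python
import json

# Roles the page assigns to the Ranger RAZ identity on the storage account.
REQUIRED_ROLES = frozenset({"Storage Blob Data Owner", "Storage Blob Delegator"})


def audit_raz_assignments(assignments, principal_id, storage_scope,
                          required=REQUIRED_ROLES):
    """Compare one identity's role assignments with the documented setup.

    assignments: parsed JSON list shaped like the output of
    `az role assignment list --all --assignee <principalId> -o json`.
    Returns {"missing": [...], "other": [(role, scope), ...]}.
    """
    want = storage_scope.rstrip("/").lower()  # Azure resource IDs are case-insensitive
    held, other = set(), []
    for a in assignments:
        if a.get("principalId", "").lower() != principal_id.lower():
            continue
        role, scope = a.get("roleDefinitionName", ""), a.get("scope", "")
        if scope.rstrip("/").lower() == want and role in required:
            held.add(role)
        else:
            # Wrong scope (e.g. resource group) or a role the procedure never grants.
            other.append((role, scope))
    return {"missing": sorted(required - held), "other": sorted(other)}


# Constructed sample data: placeholder subscription, resource group and IDs.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_SCOPE = SUB + "/resourceGroups/cdp-rg"
STORAGE_SCOPE = RG_SCOPE + "/providers/Microsoft.Storage/storageAccounts/cdpstorage"
RAZ_PRINCIPAL = "11111111-1111-1111-1111-111111111111"
SAMPLE_JSON = json.dumps([
    {"principalId": RAZ_PRINCIPAL, "roleDefinitionName": "Storage Blob Data Owner",
     "scope": STORAGE_SCOPE},
    # Delegator was granted on the resource group instead of the storage account.
    {"principalId": RAZ_PRINCIPAL, "roleDefinitionName": "Storage Blob Delegator",
     "scope": RG_SCOPE},
])

if __name__ == "__main__":
    report = audit_raz_assignments(json.loads(SAMPLE_JSON), RAZ_PRINCIPAL, STORAGE_SCOPE)
    print("missing at storage account scope:", report["missing"])
    print("other assignments to review:", report["other"])
```

An empty `missing` list together with an empty `other` list means the identity holds exactly the two roles on the storage account and nothing else.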