Data access configuration

Important

This feature is in Public Preview. Contact your Azure Databricks representative to request access.

This article describes the data access configurations performed by Azure Databricks SQL Analytics administrators using the UI for all SQL endpoints.

To configure all SQL endpoints using the Databricks REST API, see Global SQL Endpoints API.

Important

Changing these settings restarts all running SQL endpoints.

Configure a service principal

An Azure Databricks SQL Analytics administrator can configure all endpoints to use an Azure service principal to access Azure storage.

  1. Create an Azure AD application and service principal that can access resources. Note the following properties:

    • application-id: An ID that uniquely identifies the application.
    • directory-id: An ID that uniquely identifies the Azure AD instance.
    • storage-account-name: The name of the storage account.
    • service-credential: A string that the application uses to prove its identity.
  2. Register the service principal and grant it the correct role assignment, such as Storage Blob Data Contributor, on the Azure Data Lake Storage Gen2 account.

  3. Configure the following properties in Configure data access properties:

    spark.hadoop.fs.azure.account.auth.type.<storage-account-name>.dfs.core.windows.net OAuth
    spark.hadoop.fs.azure.account.oauth.provider.type.<storage-account-name>.dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
    spark.hadoop.fs.azure.account.oauth2.client.id.<storage-account-name>.dfs.core.windows.net <application-id>
    spark.hadoop.fs.azure.account.oauth2.client.secret.<storage-account-name>.dfs.core.windows.net {{secrets/<scope-name>/<secret-name>}}
    spark.hadoop.fs.azure.account.oauth2.client.endpoint.<storage-account-name>.dfs.core.windows.net https://login.microsoftonline.com/<directory-id>/oauth2/token
    

    where <secret-name> is the key of the secret containing the service principal secret and <scope-name> is the scope containing that key.
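    For example, with a hypothetical storage account named mystorageacct, a secret stored in a scope named my-scope under the key sp-secret, and placeholder application and directory IDs, the filled-in configuration might look like this (every name and ID below is illustrative, not a real value):

    spark.hadoop.fs.azure.account.auth.type.mystorageacct.dfs.core.windows.net OAuth
    spark.hadoop.fs.azure.account.oauth.provider.type.mystorageacct.dfs.core.windows.net org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider
    spark.hadoop.fs.azure.account.oauth2.client.id.mystorageacct.dfs.core.windows.net 00000000-0000-0000-0000-000000000000
    spark.hadoop.fs.azure.account.oauth2.client.secret.mystorageacct.dfs.core.windows.net {{secrets/my-scope/sp-secret}}
    spark.hadoop.fs.azure.account.oauth2.client.endpoint.mystorageacct.dfs.core.windows.net https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/oauth2/token

    The secret reference syntax keeps the service principal credential out of the configuration itself; the plaintext value stays in the secret scope.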

Configure data access properties

An Azure Databricks SQL Analytics administrator can configure all endpoints with data access properties.

  1. Click the User Settings icon at the bottom of the sidebar and select Settings.
  2. Click the SQL Endpoint Settings tab.
  3. In the Data Access Configuration textbox, specify key-value pairs containing metastore properties.
  4. Click Save.

Supported properties

  • spark.sql.hive.metastore.*
  • spark.sql.warehouse.dir
  • spark.hadoop.datanucleus.*
  • spark.hadoop.fs.*
  • spark.hadoop.hive.*
  • spark.hadoop.javax.jdo.option.*
  • spark.hive.*

For details on how to set these properties, see External Hive metastore.
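As an illustrative sketch, a JDBC-backed external Hive metastore could be configured in the Data Access Configuration textbox with key-value pairs along these lines. The hostname, database name, and secret references below are hypothetical; substitute your own values and confirm the metastore version against your environment:

    spark.sql.hive.metastore.version 2.3.7
    spark.sql.hive.metastore.jars builtin
    spark.hadoop.javax.jdo.option.ConnectionURL jdbc:sqlserver://my-sql-server.database.windows.net:1433;database=hivemetastore
    spark.hadoop.javax.jdo.option.ConnectionDriverName com.microsoft.sqlserver.jdbc.SQLServerDriver
    spark.hadoop.javax.jdo.option.ConnectionUserName {{secrets/my-scope/metastore-user}}
    spark.hadoop.javax.jdo.option.ConnectionPassword {{secrets/my-scope/metastore-password}}

All of these keys fall under the supported prefixes listed above (spark.sql.hive.metastore.*, spark.hadoop.javax.jdo.option.*), and the secret references keep the metastore credentials out of the configuration text.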