
Clarification on AD Groups

Open · ashfondu opened this issue 2 years ago · 1 comment

Hi, can you provide clarification on what 'Read-only Group/Read-write Group' means? It seems like the SP is part of the AD group. ADLS will be accessed via the SP, hence I am unclear how the rest of the group can leverage the mount set up by the SP.


ashfondu avatar Oct 19 '21 17:10 ashfondu

Hello, sorry for the delay. Yes, typically you will have AAD security groups created, one for reading and one for writing. In the pattern where you use multiple workspaces to separate users that have read permissions vs. those who have write permissions, you will use a service principal which belongs to a security group and create a workspace mount, or use a direct path, using that service principal. Only those users belonging to the workspace will have access to use that mount or service principal (for example, where you put the service principal client ID and secret in a secret scope that everyone in that workspace can access). Hope that helps?

hurtn avatar Dec 14 '21 13:12 hurtn
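The workspace-mount pattern described in the answer above, as an added example that is not code from this repository: the service principal's client ID and secret are read from a workspace secret scope and used to mount an ADLS Gen2 container. The scope name, secret key names, container, storage account, tenant and mount point are placeholders; `dbutils` is the Databricks notebook utility object and is passed in so the helpers can be tested outside a cluster.

```python
# Added example (not from the repo): mount ADLS Gen2 with a service principal
# whose credentials live in a Databricks secret scope. All names are placeholders.
from typing import Dict

OAUTH_PROVIDER = "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider"


def oauth_configs(client_id: str, client_secret: str, tenant_id: str) -> Dict[str, str]:
    """ABFS OAuth client-credentials settings for a service principal."""
    return {
        "fs.azure.account.auth.type": "OAuth",
        "fs.azure.account.oauth.provider.type": OAUTH_PROVIDER,
        "fs.azure.account.oauth2.client.id": client_id,
        "fs.azure.account.oauth2.client.secret": client_secret,
        "fs.azure.account.oauth2.client.endpoint":
            f"https://login.microsoftonline.com/{tenant_id}/oauth2/token",
    }


def abfss_source(container: str, account: str) -> str:
    """Root URI of the container to mount."""
    return f"abfss://{container}@{account}.dfs.core.windows.net/"


def mount_with_service_principal(dbutils, scope: str, container: str, account: str,
                                 mount_point: str, tenant_id: str) -> str:
    """Fetch SP credentials from the secret scope and mount the container.

    A mount is visible to every user of the workspace, so the SP's permissions
    (read-only or read-write) become the ceiling for everyone in that workspace;
    this is why the thread pairs one SP/workspace with one access level.
    Secret key names ("sp-client-id", "sp-client-secret") are assumed.
    """
    client_id = dbutils.secrets.get(scope=scope, key="sp-client-id")
    client_secret = dbutils.secrets.get(scope=scope, key="sp-client-secret")
    # Mounting an existing mount point raises, so skip if it is already present.
    if not any(m.mountPoint == mount_point for m in dbutils.fs.mounts()):
        dbutils.fs.mount(
            source=abfss_source(container, account),
            mount_point=mount_point,
            extra_configs=oauth_configs(client_id, client_secret, tenant_id),
        )
    return mount_point
```

In a notebook this is called as `mount_with_service_principal(dbutils, "ro-scope", "data", "mystore", "/mnt/data-ro", "<tenant-id>")`, with a separate secret scope holding the read-write SP for the read-write workspace.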