azure, azure-storage, azure-blob-storage, azure-data-lake

How to find the superuser for a container in adls2


I have a container created by someone and I'm using it to load the data. In the manage access tab I see my user name and also $superuser(Owner) and $superuser(Owning Group) with different levels of ACLs set.

How do I find who the superuser is for that container? I tried the Get Properties API but I am still seeing the response as $superuser.


Solution

  • You could use the Az PowerShell command to get $superuser(Owner). It returns the Object ID of the Owner, which could be a user, group, or service principal in Azure AD.

    Connect-AzAccount
    $storageAccount = Get-AzStorageAccount -ResourceGroupName "<group-name>" -AccountName "<storage-account-name>"
    $ctx = $storageAccount.Context
    $filesystemName = "<container-name>"
    $filesystem = Get-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName
    $filesystem.Owner
    


    If you want to get the details of the Object ID, you could use the AzureAD command below.

    Connect-AzureAD
    Get-AzureADObjectByObjectId -ObjectIds $filesystem.Owner
    


    Update:

    Yes, you could use the Azure CLI command az storage blob directory access show. First you need to add the storage-preview extension.

    az extension add -n storage-preview
    az login
    az storage blob directory access show -d '/' -c '<container-name>' --account-name '<account-name>'
    


    It also returns the Object ID of the $superuser(Owner), but in Azure CLI there is no built-in command to get the directory object by Object ID. You can get the details about the object with az ad user show, az ad sp show, or az ad group show, but you need to know the type of the object beforehand.

    If you don't know the type of the object, you can just use az rest to call Microsoft Graph to get the details.

    az rest --method get --uri "https://graph.microsoft.com/v1.0/directoryObjects/<Object ID>"
    

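An added example, not part of the original answer: an access review of the container root that goes beyond the owner lookup above by also listing the owning group and every named ACL entry, resolving each ID through the same Microsoft Graph directoryObjects endpoint so the object type does not need to be known in advance. Resolve-DirectoryObject is a hypothetical helper name, the angle-bracket values are placeholders, and it assumes the signed-in account is allowed to read directory objects.

```powershell
# Placeholders: replace with your own values.
$resourceGroup  = "<group-name>"
$accountName    = "<storage-account-name>"
$filesystemName = "<container-name>"

# Hypothetical helper (not an Az cmdlet): look up one ID in Microsoft Graph.
function Resolve-DirectoryObject {
    param([string]$Id)
    $guid = [guid]::Empty
    # A value such as the literal '$superuser' is not an object ID, so skip the lookup.
    if (-not [guid]::TryParse($Id, [ref]$guid)) {
        return [pscustomobject]@{ Type = 'not an object ID'; DisplayName = $null }
    }
    # directoryObjects answers for users, groups and service principals alike.
    $resp = Invoke-AzRestMethod -Method GET -Uri "https://graph.microsoft.com/v1.0/directoryObjects/$Id"
    if ($resp.StatusCode -ne 200) {
        return [pscustomobject]@{ Type = "lookup failed (HTTP $($resp.StatusCode))"; DisplayName = $null }
    }
    $obj = $resp.Content | ConvertFrom-Json
    [pscustomobject]@{
        Type        = $obj.'@odata.type' -replace '^#microsoft\.graph\.', ''
        DisplayName = $obj.displayName
    }
}

Connect-AzAccount | Out-Null
$ctx  = (Get-AzStorageAccount -ResourceGroupName $resourceGroup -Name $accountName).Context
$root = Get-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName

# Start with the owner and owning group of the container root.
$principals = @(
    [pscustomobject]@{ Role = 'Owner';        Id = $root.Owner; Permissions = $null }
    [pscustomobject]@{ Role = 'Owning group'; Id = $root.Group; Permissions = $null }
)
# Named ACL entries carry an EntityId; the unnamed owner/group/other/mask entries do not.
$principals += $root.ACL | Where-Object { $_.EntityId } | ForEach-Object {
    $scope = if ($_.DefaultScope) { 'default ' } else { '' }
    [pscustomobject]@{ Role = "ACL ${scope}$($_.AccessControlType)"; Id = $_.EntityId; Permissions = $_.Permissions }
}

# One row per principal: who it is, what kind of object, and what it was granted.
$principals | ForEach-Object {
    $resolved = Resolve-DirectoryObject -Id $_.Id
    [pscustomobject]@{
        Role = $_.Role; ObjectId = $_.Id; Type = $resolved.Type
        DisplayName = $resolved.DisplayName; Permissions = $_.Permissions
    }
} | Format-Table -AutoSize
```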