The Remove-AzDataLakeGen2AclRecursive cmdlet removes ACL recursively on the specified path.
The ACL entries in original ACL, which has same AccessControlType, DefaultScope and EntityId with input ACL entries (even with different permission) wil lbe removed.
Examples
Example 1: Remove ACL recursively on a root directory of filesystem
$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType user -EntityId $id -Permission r-x -DefaultScope
$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType user -EntityId $id -Permission r-x -InputObject $acl
Remove-AzDataLakeGen2AclRecursive -FileSystem "filesystem1" -Acl $acl -Context $ctx
WARNING: To find the ACL Entry to remove, will only compare AccessControlType, DefaultScope and EntityId, will omit Permission.
FailedEntries :
TotalDirectoriesSuccessfulCount : 7
TotalFilesSuccessfulCount : 5
TotalFailureCount : 0
ContinuationToken :
This command first creates an ACL object with 2 acl entries, then removes ACL recursively on a root directory of a file system.
Example 2: Remove ACL recursively on a directory
$result = Remove-AzDataLakeGen2AclRecursive -FileSystem "filesystem1" -Path "dir1" -Acl $acl -Context $ctx
WARNING: To find the ACL Entry to remove, will only compare AccessControlType, DefaultScope and EntityId, will omit Permission.
$result
FailedEntries : {dir1/dir2/file4}
TotalDirectoriesSuccessfulCount : 500
TotalFilesSuccessfulCount : 2500
TotalFailureCount : 1
ContinuationToken : VBaHi5TfyO2ai1wYTRhIL2FjbGNibjA2c3RmATAxRDVEN0UzRENFQzZCRTAvYWRsc3Rlc3QyATAxRDY2M0ZCQTZBN0JGQTkvZGlyMC9kaXIxL2ZpbGUzFgAAAA==
$result.FailedEntries
Name IsDirectory ErrorMessage
---- ----------- ------------
dir0/dir2/file4 False This request is not authorized to perform this operation using this permission.
# user need fix the failed item , then can resume with ContinuationToken
$result = Remove-AzDataLakeGen2AclRecursive -FileSystem "filesystem1" -Path "dir1" -Acl $acl -ContinuationToken $result.ContinuationToken -Context $ctx
WARNING: To find the ACL Entry to remove, will only compare AccessControlType, DefaultScope and EntityId, will omit Permission.
$result
FailedEntries :
TotalDirectoriesSuccessfulCount : 100
TotalFilesSuccessfulCount : 1000
TotalFailureCount : 0
ContinuationToken :
This command first removes ACL recursively on a directory and failed, then resume with ContinuationToken after user fix the failed file.
This script will remove ACL recursively on directory chunk by chunk, with chunk size as BatchSize * MaxBatchCount. Chunk size is 50000 in this script.
Example 4: Remove ACL recursively on a directory and ContinueOnFailure, then resume from failures one by one
$result = Remove-AzDataLakeGen2AclRecursive -FileSystem "filesystem1" -Path "dir1" -Acl $acl -ContinueOnFailure -Context $ctx
$result
FailedEntries : {dir0/dir1/file1, dir0/dir2/file4}
TotalDirectoriesSuccessfulCount : 100
TotalFilesSuccessfulCount : 500
TotalFailureCount : 2
ContinuationToken : VBaHi5TfyO2ai1wYTRhIL2FjbGNibjA2c3RmATAxRDVEN0UzRENFQzZCRTAvYWRsc3Rlc3QyATAxRDY2M0ZCQTZBN0JGQTkvZGlyMC9kaXIxL2ZpbGUzFgAAAA==
$result.FailedEntries
Name IsDirectory ErrorMessage
---- ----------- ------------
dir0/dir1/file1 False This request is not authorized to perform this operation using this permission.
dir0/dir2/file4 False This request is not authorized to perform this operation using this permission.
# user need fix the failed item , then can resume with ContinuationToken
foreach ($path in $result.FailedEntries.Name)
{
# user code to fix failed entry in $path
#set ACL again
Remove-AzDataLakeGen2AclRecursive -FileSystem "filesystem1" -Path $path -Acl $acl -Context $ctx
}
This command first removes ACL recursively to a directory with ContinueOnFailure, and some items failed, then resume the failed items one by one.
Parameters
-Acl
The POSIX access control list to set recursively for the file or directory.
If data set size exceeds batch size then operation will be split into multiple requests so that progress can be tracked.
Batch size should be between 1 and 2000.
Default is 2000.
Set this parameter to ignore failures and continue processing with the operation on other sub-entities of the directory. Default the operation will terminate quickly on encountering failures.
Maximum number of batches that single change Access Control operation can execute. If data set size exceeds MaxBatchCount multiply BatchSize, continuation token will be return.
The path in the specified FileSystem that to change Acl recursively.
Can be a file or directory.
In the format 'directory/file.txt' or 'directory1/directory2/'.
Skip set this parameter to change Acl recursively from root directory of the Filesystem.
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
