Create a storage account to use with Microsoft Azure Data Lake Storage Gen2 and enable

Hierarchical namespace

in the Azure portal. You can use role-based access control or access control lists to authorize the users to access the resources in the storage account.

Role-based access control
If you use role-based access control, assign the Contributor role or Reader role to the users.
The contributor role grants you full access to manage all resources in the storage account, but does not allow you to assign roles.
The reader role allows you to view all resources in the storage account, but does not allow you to make any changes.
To add or remove role assignments, you must have write and delete permissions, such as an Owner role.
Access control lists
If you use access control lists, you can provide read, write, and execute permissions to each directory and file for users.

Register an application in Azure Active Directory to authenticate users to access the Microsoft Azure Data Lake Storage Gen2 account. You can use role-based access control or access control lists to authorize the application.

Role-based access control
If you use role-based access control, assign the Storage Blob Data Contributor or Storage Blob Data Reader role to the application.
The Storage Blob Data Contributor role lets you read, write, and delete Azure Storage containers and blobs in the storage account.
The Storage Blob Data Reader role lets you only read and list Azure Storage containers and blobs in the storage account.
Access control lists
If you use access control lists, you can provide read, write, and execute permissions to each directory and file in the container.

Create a file system for Microsoft Azure Data Lake Storage Gen2.

To access objects from an HDI 4.0 Kerberised cluster, configure the impersonation user details in your Azure Data Lake Storage Gen2 account.