brk3/gist:8ff2975edf52e0728a39b7ec32cd88ba

## gistfile1.hcl
terraform {
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "pbourke2010"
  location = "West Europe"
}

resource "azurerm_storage_account" "example" {
  name                     = "pbourke2010"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  account_kind             = "StorageV2"
  is_hns_enabled           = "true"
}

data "azuread_service_principal" "example" {
  display_name = "xxx"
}

resource "azurerm_storage_data_lake_gen2_filesystem" "example" {
  name               = "example"
  storage_account_id = azurerm_storage_account.example.id

  ace {
    scope = "default"
    type = "user"
    id = data.azuread_service_principal.example.id
    permissions = "rwx"
  }

  ace {
          permissions = "---"
          scope       = "access"
          type        = "other"
  }

  ace {
          permissions = "---"
          scope       = "default"
          type        = "other"
  }
  ace {
          permissions = "r-x"
          scope       = "access"
          type        = "group"
  }
  ace {
          permissions = "r-x"
          scope       = "default"
          type        = "group"
  }
  ace {
          permissions = "rwx"
          scope       = "access"
          type        = "user"
  }
  ace {
          permissions = "rwx"
          scope       = "default"
          type        = "mask"
  }
  ace {
          permissions = "rwx"
          scope       = "default"
          type        = "user"
  }
}
	terraform {
	}

	provider "azurerm" {
	features {}
	}

	resource "azurerm_resource_group" "example" {
	name = "pbourke2010"
	location = "West Europe"
	}

	resource "azurerm_storage_account" "example" {
	name = "pbourke2010"
	resource_group_name = azurerm_resource_group.example.name
	location = azurerm_resource_group.example.location
	account_tier = "Standard"
	account_replication_type = "LRS"
	account_kind = "StorageV2"
	is_hns_enabled = "true"
	}

	data "azuread_service_principal" "example" {
	display_name = "xxx"
	}

	resource "azurerm_storage_data_lake_gen2_filesystem" "example" {
	name = "example"
	storage_account_id = azurerm_storage_account.example.id

	ace {
	scope = "default"
	type = "user"
	id = data.azuread_service_principal.example.id
	permissions = "rwx"
	}

	ace {
	permissions = "---"
	scope = "access"
	type = "other"
	}

	ace {
	permissions = "---"
	scope = "default"
	type = "other"
	}
	ace {
	permissions = "r-x"
	scope = "access"
	type = "group"
	}
	ace {
	permissions = "r-x"
	scope = "default"
	type = "group"
	}
	ace {
	permissions = "rwx"
	scope = "access"
	type = "user"
	}
	ace {
	permissions = "rwx"
	scope = "default"
	type = "mask"
	}
	ace {
	permissions = "rwx"
	scope = "default"
	type = "user"
	}
	}