@EnterpriseArchitect Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.
Let me explain how this roles works and they are been defined, see here based on your requirement you can assign
You can do an AD integration with SMB to grant access to users. Here you can learn more about it : https://azure.microsoft.com/en-us/blog/better-security-with-enhanced-access-control-experience-in-azure-files/ also if possible review the RBAC roles article What is Azure role-based access control (Azure RBAC)?
• Using Azure AD authentication and combination of READER on storage account plus different roles on the File Shares (in addition more granular user permissions on individual shares or even directories / files)
OR
• Managing Shared Access Signature per User / Group of users and giving that SAS particular access over a file share
Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.
---------------------------------------------------------------------------------------------------------------------------------
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.