Share via


az storage blob directory access

Note

This reference is part of the storage-preview extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az storage blob directory access command. Learn more about extensions.

This command group is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

This command group is implicitly deprecated because command group 'storage blob directory' is deprecated and will be removed in a future release. Use 'az storage fs directory' instead.

Manage the access control properties of a directory when Hierarchical Namespace is enabled.

Commands

Name Description Type Status
az storage blob directory access set

Set the access control properties of a directory.

Extension Preview and Deprecated
az storage blob directory access show

Show the access control properties of a directory.

Extension Preview and Deprecated
az storage blob directory access update

Update the access control properties of a directory.

Extension Preview and Deprecated

az storage blob directory access set

Preview Deprecated

Command group 'storage blob directory access' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

This command is implicitly deprecated because command group 'storage blob directory' is deprecated and will be removed in a future release. Use 'az storage fs directory' instead.

Set the access control properties of a directory.

az storage blob directory access set --acl-spec
                                     --container-name
                                     --directory-path
                                     [--account-key]
                                     [--account-name]
                                     [--auth-mode {key, login}]
                                     [--connection-string]
                                     [--if-match]
                                     [--if-modified-since]
                                     [--if-none-match]
                                     [--if-unmodified-since]
                                     [--lease-id]
                                     [--sas-token]
                                     [--timeout]

Examples

Set the access control properties of a directory.

az storage blob directory access set -a "user::rwx,group::r--,other::---" -d MyDirectoryPath -c MyContainer --account-name MyStorageAccount

Required Parameters

--acl-spec -a

The ACL specification to set on the path in the format "[default:]user|group|other|mask:[entity id or UPN]:r|-w|-x|-,[default:]user|group|other|mask:[entity id or UPN]:r|-w|-x|-,...". e.g."user::rwx,user:john.doe@contoso:rwx,group::r--,other::---,mask::rwx".

--container-name -c

The container name.

--directory-path -d

The directory path name.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

Accepted values: key, login
--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--if-match

An ETag value. Specify this header to perform the operation only if the resource's ETag matches the value specified. The ETag must be specified in quotes.

--if-modified-since

Alter only if modified since supplied UTC datetime (Y-m-d'T'H:M'Z').

--if-none-match

An ETag value or the special wildcard ("*") value. Specify this header to perform the operation only if the resource's ETag does not match the value specified. The ETag must be specified in quotes.

--if-unmodified-since

Alter only if unmodified since supplied UTC datetime (Y-m-d'T'H:M'Z').

--lease-id

Required if the path has an active lease.

--sas-token

A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.

--timeout

Request timeout in seconds. Applies to each call to the service.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage blob directory access show

Preview Deprecated

Command group 'storage blob directory access' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

This command is implicitly deprecated because command group 'storage blob directory' is deprecated and will be removed in a future release. Use 'az storage fs directory' instead.

Show the access control properties of a directory.

az storage blob directory access show --container-name
                                      --directory-path
                                      [--account-key]
                                      [--account-name]
                                      [--auth-mode {key, login}]
                                      [--connection-string]
                                      [--if-match]
                                      [--if-modified-since]
                                      [--if-none-match]
                                      [--if-unmodified-since]
                                      [--lease-id]
                                      [--sas-token]
                                      [--timeout]
                                      [--user-principle-names]

Examples

Show the access control properties of a directory.

az storage blob directory access show -d MyDirectoryPath -c MyContainer --account-name MyStorageAccount

Required Parameters

--container-name -c

The container name.

--directory-path -d

The directory path name.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

Accepted values: key, login
--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--if-match

An ETag value. Specify this header to perform the operation only if the resource's ETag matches the value specified. The ETag must be specified in quotes.

--if-modified-since

Alter only if modified since supplied UTC datetime (Y-m-d'T'H:M'Z').

--if-none-match

An ETag value or the special wildcard ("*") value. Specify this header to perform the operation only if the resource's ETag does not match the value specified. The ETag must be specified in quotes.

--if-unmodified-since

Alter only if unmodified since supplied UTC datetime (Y-m-d'T'H:M'Z').

--lease-id

Required if the path has an active lease.

--sas-token

A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.

--timeout

Request timeout in seconds. Applies to each call to the service.

--user-principle-names

Valid only when Hierarchical Namespace is enabled for the account. If "true", the user identity values returned for owner, group, and acl will be transformed from Azure Active Directory Object IDs to User Principal Names. If "false", the values will be returned as Azure Active Directory Object IDs. The default value is false. Note that group and application Object IDs are not translated because they do not have unique friendly names.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage blob directory access update

Preview Deprecated

Command group 'storage blob directory access' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

This command is implicitly deprecated because command group 'storage blob directory' is deprecated and will be removed in a future release. Use 'az storage fs directory' instead.

Update the access control properties of a directory.

az storage blob directory access update --container-name
                                        --directory-path
                                        [--account-key]
                                        [--account-name]
                                        [--acl-spec]
                                        [--auth-mode {key, login}]
                                        [--connection-string]
                                        [--group]
                                        [--if-match]
                                        [--if-modified-since]
                                        [--if-none-match]
                                        [--if-unmodified-since]
                                        [--lease-id]
                                        [--owner]
                                        [--permissions]
                                        [--sas-token]
                                        [--timeout]

Examples

Update the access permissions of a directory.

az storage blob directory access update --permissions "rwxrwxrwx" -d MyDirectoryPath -c MyContainer --account-name MyStorageAccount

Update the owning user of a directory.

az storage blob directory access update --owner [entityId/UPN] -d MyDirectoryPath -c MyContainer --account-name MyStorageAccount

Update the owning group of a directory.

az storage blob directory access update --group [entityId/UPN] -d MyDirectoryPath -c MyContainer --account-name MyStorageAccount

Required Parameters

--container-name -c

The container name.

--directory-path -d

The directory path name.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.

--acl-spec -a

The ACL specification to set on the path in the format "[default:]user|group|other|mask:[entity id or UPN]:r|-w|-x|-,[default:]user|group|other|mask:[entity id or UPN]:r|-w|-x|-,...". e.g."user::rwx,user:john.doe@contoso:rwx,group::r--,other::---,mask::rwx".

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

Accepted values: key, login
--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--group

The owning group for the directory.

--if-match

An ETag value. Specify this header to perform the operation only if the resource's ETag matches the value specified. The ETag must be specified in quotes.

--if-modified-since

Alter only if modified since supplied UTC datetime (Y-m-d'T'H:M'Z').

--if-none-match

An ETag value or the special wildcard ("*") value. Specify this header to perform the operation only if the resource's ETag does not match the value specified. The ETag must be specified in quotes.

--if-unmodified-since

Alter only if unmodified since supplied UTC datetime (Y-m-d'T'H:M'Z').

--lease-id

Required if the path has an active lease.

--owner

The owning user for the directory.

--permissions

The POSIX access permissions for the file owner,the file owning group, and others. Both symbolic (rwxrw-rw-) and 4-digit octal notation (e.g. 0766) are supported.

--sas-token

A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.

--timeout

Request timeout in seconds. Applies to each call to the service.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.