Azure ADLS2 ACL CLI add multiple Groups

Fabian Schmid 6 Reputation points


while managing file system access and permissions with cli I'm not able to add multiple AD Groups to a directory. The previously added ones will be overwritten.
Is there a possibility to fix this issue? In the example below, only the AD group test2 is displayed in the test_folder with execute rights after execution of the Devops pipeline.

  • task: AzureCLI@1
    displayName: 'Execute Permission on folder'
    azureSubscription: 'XXX'
    scriptLocation: 'inlineScript'
    inlineScript: |
    az storage fs access set --acl "group:test1:--x" -p test_folder/ -f data --account-name teststorage --auth-mode key --account-key key123
    az storage fs access set --acl "group:test2:--x" -p test_folder/ -f data --account-name teststorage --auth-mode key --account-key key123

Many thanks in advance!


Azure Data Lake Storage
Azure Data Lake Storage
An Azure service that provides an enterprise-wide hyper-scale repository for big data analytic workloads and is integrated with Azure Blob Storage.
1,392 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Fabian Schmid 6 Reputation points

    Hi Kranthi,

    thanks for your reply. I noticed this behavior with the cloud shell as well. Haven't tried the solution with powershell so far.

    But found some workaround for this problem already. Instead of using "access set", "access update-recursive" does work. The disadvantage here is that if you have a specific sub-folder structure, where not every group of a parent folder should get the rights to all sub-folders, you always have to remove the rights for underlying sub-folders with "access remove-recursive".

    For the future, an option like "access update-set", which is not available so far, would be great.

    Thanks for your support anyway!


    1 person found this answer helpful.

  2. KranthiPakala-MSFT 46,427 Reputation points Microsoft Employee

    Hi @Fabian Schmid ,

    Thanks for using MS Q&A forum and posting your query.

    Could you please confirm if you have noticed this behavior only through DevOps pipeline or through cloud shell as well?

    Here is thread where a similar requirement (but using powershell) is being discussed. Would recommend similar approach and see if that helps - Adls gen 2 ACL permissions powershell multiple entries

    Please let us know how it goes.

    Thank you

    0 comments No comments