Azure ADLS2 ACL CLI add multiple Groups

Question

Hi,

while managing file system access and permissions with cli I'm not able to add multiple AD Groups to a directory. The previously added ones will be overwritten.
Is there a possibility to fix this issue? In the example below, only the AD group test2 is displayed in the test_folder with execute rights after execution of the Devops pipeline.

• task: AzureCLI@1
  displayName: 'Execute Permission on folder'
  inputs:
  azureSubscription: 'XXX'
  scriptLocation: 'inlineScript'
  inlineScript: |
  az storage fs access set --acl "group:test1:--x" -p test_folder/ -f data --account-name teststorage --auth-mode key --account-key key123
  az storage fs access set --acl "group:test2:--x" -p test_folder/ -f data --account-name teststorage --auth-mode key --account-key key123

Many thanks in advance!

Regards
FS

Answer 1

Hi Kranthi,

thanks for your reply. I noticed this behavior with the cloud shell as well. Haven't tried the solution with powershell so far.

But found some workaround for this problem already. Instead of using "access set", "access update-recursive" does work. The disadvantage here is that if you have a specific sub-folder structure, where not every group of a parent folder should get the rights to all sub-folders, you always have to remove the rights for underlying sub-folders with "access remove-recursive".

For the future, an option like "access update-set", which is not available so far, would be great.

Thanks for your support anyway!

Regards
FS

Answer 2

Hi @Fabian Schmid ,

Thanks for using MS Q&A forum and posting your query.

Could you please confirm if you have noticed this behavior only through DevOps pipeline or through cloud shell as well?

Here is thread where a similar requirement (but using powershell) is being discussed. Would recommend similar approach and see if that helps - Adls gen 2 ACL permissions powershell multiple entries

Please let us know how it goes.

Thank you