azure fileshare

forumId 61 Reputation points
2022-12-26T14:18:13.593+00:00

Hi,
I have a storage account with Azure AD Kerberos configured on it. I have 2 file shares, one for FSLogix (users are SMB contributors) and the other one is for sharing files (the users are readers).

For the second one I have an issue: only the admin users are able to connect to the file share when using Folder Explorer
\\demo.file.core.windows.net\my-share
I don't understand why! I added a group as "Storage File Data SMB Share Reader". This group is synchronized from AD and it contains both admin and non-admin users.
So why are only admins able to connect correctly?
Can you please show me how to debug this, because I just get a "not authorized to access" message as an error for non-admin users.
My users are hybrid identities.
Regards,

Azure Files

An Azure service that offers file shares in the cloud.

1 answer

  1. Sumarigo-MSFT 47,511 Reputation points Microsoft Employee Moderator
    2022-12-27T12:29:07.303+00:00

    @forumId Welcome to Microsoft Q&A Forum. Thank you for posting your query here!

    Firstly, let me explain: Storage File Data SMB Share Reader allows read access in Azure Storage file shares over SMB.

    To access Azure Files resources with identity-based authentication, an identity (a user, group, or service principal) must have the necessary permissions at the share level. This process is similar to specifying Windows share permissions, where you specify the type of access that a particular user has to a file share. The guidance in this section demonstrates how to assign read, write, or delete permissions for a file share to an identity. We highly recommend assigning permissions by declaring actions and data actions explicitly as opposed to using the wildcard (*) character.

    Most users should assign share-level permissions to specific Azure AD users or groups, and then configure Windows ACLs for granular access control at the directory and file level. However, alternatively you can set a default share-level permission to allow contributor, elevated contributor, or reader access to all authenticated identities.

    • Storage File Data SMB Share Contributor allows read, write, and delete access in Azure Storage file shares over SMB.
    • Storage File Data SMB Share Elevated Contributor allows read, write, delete, and modify Windows ACLs in Azure file shares over SMB.

    Note: Full administrative control of a file share, including the ability to take ownership of a file, requires using the storage account key. Administrative control isn't supported with Azure AD credentials.

    Since you have only reader access, you are facing the issues.

    To assign an Azure role to an Azure AD identity, using the Azure portal, follow these steps:

    • In the Azure portal, go to your file share, or Create a file share.
    • Select Access Control (IAM).
    • Select Add a role assignment.
    • In the Add role assignment blade, select the appropriate built-in role (Storage File Data SMB Share Reader, Storage File Data SMB Share Contributor) from the Role list. Leave Assign access to at the default setting: Azure AD user, group, or service principal. Select the target Azure AD identity by name or email address.
    • Select Review + assign to complete the role assignment operation.

    Refer to this article on how to connect an Azure file share using File Explorer and configure directory- and file-level permissions.

    If the issue still persists after providing the appropriate access and following the above, please let me know; I would like to work closer on this issue!

    Please let us know if you have any further queries. I’m happy to assist you further.

    ----------

    Please do not forget to “Accept Answer” and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.

    1 person found this answer helpful.
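A diagnostic script for the situation described in the question, added here as an example; it is not part of the original post or of the answer above. It assumes the Az PowerShell module is installed and `Connect-AzAccount` has been run. The subscription ID, resource group and group object ID are placeholders to fill in; the account name `demo` and share name `my-share` are taken from the question. It checks the points the answer raises: that identity-based authentication is enabled on the account, that a share-level "Storage File Data SMB Share Reader" assignment exists for the synced group (creating it if missing), and, run on a client as one of the non-admin users, that port 445 is reachable, that a Kerberos ticket for the share is issued, and what the Windows ACLs at the share root actually grant.

```powershell
# Added example (not from the original post or the answer above).
# Assumes: Az PowerShell module installed, Connect-AzAccount already run,
# and the placeholder values below replaced with your own.
$subscriptionId = "<subscription-id>"      # placeholder
$resourceGroup  = "<resource-group>"       # placeholder
$accountName    = "demo"                   # storage account from the question
$shareName      = "my-share"               # file share from the question
$groupObjectId  = "<aad-group-object-id>"  # placeholder: object ID of the synced AD group

# Share-level scope that Azure RBAC uses for a single file share.
$shareScope = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup" +
              "/providers/Microsoft.Storage/storageAccounts/$accountName" +
              "/fileServices/default/fileshares/$shareName"

# --- Management side (needs rights to read and write role assignments) ---

# 1. Confirm identity-based auth is enabled and see whether a default
#    share-level permission is set (it applies to all authenticated identities).
$acct = Get-AzStorageAccount -ResourceGroupName $resourceGroup -Name $accountName
$acct.AzureFilesIdentityBasedAuth |
    Format-List DirectoryServiceOptions, DefaultSharePermission

# 2. List every role assignment on the share. The synced group should appear
#    with RoleDefinitionName "Storage File Data SMB Share Reader". If the
#    assignment sits on a parent scope (account, resource group) it is
#    inherited and still shows here.
Get-AzRoleAssignment -Scope $shareScope |
    Select-Object DisplayName, ObjectType, RoleDefinitionName, Scope |
    Format-Table -AutoSize

# 3. Create the reader assignment for the group only if it is missing.
$existing = Get-AzRoleAssignment -Scope $shareScope -ObjectId $groupObjectId |
    Where-Object RoleDefinitionName -eq "Storage File Data SMB Share Reader"
if (-not $existing) {
    New-AzRoleAssignment -ObjectId $groupObjectId `
        -RoleDefinitionName "Storage File Data SMB Share Reader" `
        -Scope $shareScope
}

# --- Client side (run in a normal, non-elevated session as an affected user) ---

# 4. Share-level RBAC only gets you to the door; Windows ACLs on the share
#    decide what the user can open. Check reachability, the Kerberos ticket
#    for the share, and the ACL on the share root.
Test-NetConnection -ComputerName "$accountName.file.core.windows.net" -Port 445
klist get "cifs/$accountName.file.core.windows.net"
icacls "\\$accountName.file.core.windows.net\$shareName"
```

Run the management half with an identity that can read and write role assignments, and the client half as one of the non-admin users, then compare its output with the same commands run as an admin: a difference in step 2 (group missing or assigned to the wrong share) points at share-level RBAC, a missing ticket in step 4 points at the Kerberos configuration, and an ACL that lists only administrative groups points at the directory- and file-level permissions the answer mentions.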
