how to provide the folder permission in a fileshare of storage account

Question

how to provide the folder permission in a fileshare of storage account to download all the files from the url

Answer 1

Hi 37821879,

Thanks for reaching out to Microsoft Q&A.

To grant folder permissions in an Azure Data Lake Storage (ADLS) file share, follow these steps:

1. Shared Access Signature (SAS):

• Direct access to files stored in a file service is not allowed because the share containing these files has a Private ACL. Unlike blob containers, there’s no way to change the ACL of a share.
• To allow controlled access, create a Shared Access Signature (SAS) on the specific folder you want to grant permissions for.
• When creating the SAS, ensure that at least Read permission is included, as this permission is required to access the folder and its contents.
• You can generate the SAS URL programmatically or through the Azure Portal.

2. Using the SAS URL:

• Once you have the SAS URL, you can use it to directly access the folder.
• Construct the access URL by appending the SAS token to the folder’s original URL.
• For example: https://myaccount.file.core.windows.net/myshare/myfolder?mySAStoken
• Replace myaccount, myshare, and myfolder with your actual storage account, file share, and folder names, respectively.

3. Azure Storage Explorer (Optional):

• If you prefer a graphical interface, consider using Azure Storage Explorer.
• Download and install the latest version of Azure Storage Explorer.
• Open it, navigate to your file share, select the desired folder, and right-click to manage permissions or generate a SAS URL.
• Remember that the SAS URL provides temporary access, so ensure that it’s used securely and only by authorised parties.

Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.

Answer 2

@37821879 Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

I'm assuming you want to download all the files from a file share in a storage account and you need to provide folder permission to do so. To provide folder permission in a file share of a storage account,

All files can't be downloaded using URL in Azure File Share.

You can use Azcopy Azure Storage Explorer tool or SDks to download folders

To provide folder-level permissions in a file share of a storage account, you can use Azure Active Directory (Azure AD) authentication and access control. Here are the steps to provide folder-level permissions:1. Create an Azure AD group and add the users who need access to the file share to the group.

1. Create a shared access signature (SAS) token for the file share that includes the permissions you want to grant, such as read or write access.

Use the SAS token to access the file share from the client application or script that needs to

download the files.https://<storageaccountname>.file.core.windows.net/<sharename>/<path-to-file>?<SAS-token>

To achieve your requirement you need Enable on-premises AD DS authentication and authorization over SMB for Azure file shares

Azure Files supports identity-based authentication for Windows file shares over Server Message Block (SMB) using the Kerberos authentication protocol through the following three methods: > - On-premises Active Directory Domain Services (AD DS) > - Azure Active Directory Domain Services (Azure AD DS) > - Azure Active Directory (Azure AD) Kerberos for hybrid user identities

And then you can Configure directory and file-level permissions over SMB

This is article provides detailed information on permission. https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-portal

Best option to download the Files from share folder data using Azure Storage explorer tool

Please let us know if you have any further queries. I’m happy to assist you further.    

---

Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.