This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 28.000000000000004%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKJ%3C/text%3E%3C/svg%3E)
In the Unit 4 Set up a file share for MSIX app attach of Install and configure apps on a session host of the Manage user environments and apps for Azure Virtual Desktop, the instructions list to use "Storage File Data SMB Share Contributor" for the required role and then only "Read and Execute, Read, List folder contents." These will work fine for the shares and works as expected. However, this article is then used a basis for prep of asking what permission to use for the least privileged access for the delegated role and Storage File Data SMB Share Contributor & Storage File Data SMB Share Reader are both given as options. In this question, Storage File Data SMB Share Reader is the right answer because Read & Execute, and List Folder Contents are both allowed with a Read level share permission, but because it is using this step as the backing, the correct answer is marked as Contributor which is NOT the least privilege needed.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 3%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Hi K. J. Skinner,
Thank you for reaching out to us on Microsoft Q&A forum.
We are looking into it and will respond to you as soon as possible.
Regards,
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 16%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Hi K. J. Skinner,
Thanks for reaching out to us on the Microsoft Q&A forum.
When we talk about the permissions available at the level of sharing, there are specific built-in roles that serve different purposes:
Please refer to the following document and you can explore Share-level permissions further.
Please don't hesitate to reach out to us if you have any further queries.
If the information is helpful, please Accept Answer & Upvote so that it would be helpful to other community members.
Thank you.