manage ACL

arkiboys 9,706 Reputation points
2021-09-28T08:47:13.203+00:00

Hello,
My question is regarding the access level to the folders inside the blobstorage containers.
For example, inside blobstorage1, I have created three containers, i.e. Container1, Container2, Container3.
Inside Container2, I have created a folder called market to hold .csv files.
I would like to give access only to certain users to be able to edit these .csv files which are inside the market folder.
Is this to do with Manage ACL? If so, then is this on the container level or can it be at file level as well?

Thank you

Azure Blob Storage

Accepted answer
  1. Sumarigo-MSFT 47,466 Reputation points Microsoft Employee Moderator
    2021-09-28T13:36:05.26+00:00

    @arkiboys Welcome to Microsoft Q&A Forum. Thank you for posting your query here!

    The answer to this question is no for Azure Blob at file level. Instead, you can use an ADLS Gen 2 account and manage ACLs at file level. You can associate a security principal with an access level for files and directories in ADLS Gen 2. ADLS Gen 2 is built on Blob Storage. You can easily manage the ACLs with many tools/languages such as Storage Explorer, PowerShell or Python.

    Folder-level ACL with Blob storage accounts: If you use ADLS (HNS), I believe you can set an ACL on a folder. For an existing storage account blob container, you would need to copy into an HNS-enabled storage account (current situation).

    A shared access signature (SAS) can be used to restrict access to either an entire blob container or an individual blob. This is because a folder in blob storage is virtual and not a real folder. You can achieve this through the SAS service; also refer to this Q&A thread, which gives more information on your scenario.

    The Set Container ACL operation sets the permissions for the specified container. The permissions indicate whether blobs in a container may be accessed publicly.

    Sets the public access permission to a storage container. You may refer to the suggestion mentioned in this article through Storage Explorer.

    Additional information: Authorizing access to Azure Storage

    Assign an Azure role for access to blob data

    Please let us know if you have any further queries. I’m happy to assist you further.


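The file- and directory-level ACLs described in the accepted answer, as an added example that is not part of the original thread or any Microsoft code: it plans the ADLS Gen 2 ACL entries that let one principal edit files in `market` without access to the rest of the container, then checks the plan with a simplified evaluator. The object ID and file names are constructed, and the evaluator ignores the owner, the mask and Azure RBAC role assignments.

```python
import re

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def entry(oid, perms, default=False):
    """One ACL entry in ADLS Gen 2 short form: [default:]user:<object-id>:<rwx>."""
    return ("default:" if default else "") + f"user:{oid}:{perms}"

def plan_folder_edit(folder, oid, existing_files=()):
    """Least-privilege plan {path: acl} letting `oid` edit files in `folder` only."""
    if not GUID.match(oid):
        raise ValueError("principal must be an object ID (GUID)")
    parts = [p for p in folder.split("/") if p]
    if not parts or any(p in (".", "..") for p in parts):
        raise ValueError("folder must be a sub-directory, not the container root")
    # Every ancestor, starting at the container root "/", gets execute only:
    # the user can pass through but cannot list or read anything there.
    plan = {"/" + "/".join(parts[:d]): entry(oid, "--x") for d in range(len(parts))}
    target = "/" + "/".join(parts)
    # Access entry: list, create and delete inside the folder. Default entry:
    # inherited by files created later, so new .csv files are editable too.
    plan[target] = entry(oid, "rwx") + "," + entry(oid, "rwx", default=True)
    # Files that already exist do not pick up a default ACL retroactively.
    for name in existing_files:
        plan[f"{target}/{name}"] = entry(oid, "rw-")
    return plan

def perms(plan, path, oid, default=False):
    """Permissions `oid` holds on `path` in the plan ('---' when it has no entry)."""
    wanted = entry(oid, "", default)
    for e in plan.get(path, "").split(","):
        if e.startswith(wanted):
            return e[len(wanted):]
    return "---"

def can_edit(plan, file_path, oid):
    """Simplified check: x on every ancestor directory, w on the file itself."""
    parts = [p for p in file_path.split("/") if p]
    path = "/" + "/".join(parts)
    dirs = ["/" + "/".join(parts[:d]) for d in range(len(parts))]
    if any("x" not in perms(plan, d, oid) for d in dirs):
        return False
    if path in plan:  # existing file: its own access entry decides
        return "w" in perms(plan, path, oid)
    # New file: the parent must allow creation (w) and hand down a default w.
    parent = dirs[-1]
    return "w" in perms(plan, parent, oid) and "w" in perms(plan, parent, oid, True)
```

Each value in the plan is a comma-separated ACL string of the kind Storage Explorer, PowerShell or the Python SDK would be given for that path.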

1 additional answer

  1. Alan Kinane 16,951 Reputation points MVP Volunteer Moderator
    2021-09-28T09:54:50.083+00:00

    Hi, I'm assuming your users are accessing the storage containers through the Azure portal here. If so, you can use RBAC assignments to delegate permissions but you can only go as low as the container level, i.e. to container2 in your example. You can't assign permissions on the blob (file) level. https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory

    If you use an Azure Files share instead then you can integrate this share with Active Directory to apply NTFS permissions at the file level. This might be the better option as you can mount this file share to your devices rather than accessing through the Azure portal. https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable
