@Morita Welcome to Microsoft Q&A Forum, Thank you for posting your query here!
When you mount the Azure File share on client machine you will provide complete access in those scenario, you can use Azure Storage Explorer with RBAC. Where the user will have limited access to the users
In this scenario Storage account key is an administrator key for a storage account, including administrator permissions to all files and folders within the file share you're accessing, and for all file shares and other storage resources (blobs, queues, tables, etc.) contained within your storage account. If this is not sufficient for your workload, Azure File Sync may be used, or you may use identity-based authentication over SMB.
You can use shared access signatures to generate tokens that have specific permissions, and which are valid for a specified time interval. For example, you can generate a token that gives read/write-only access to a specific file, for a set period of time. Anyone who possesses the URL can access the file directly from any web browser while the token is valid. You can easily generate a shared access signature key from a UI like Storage Explorer.
Addition information: How RBAC works
Please let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.