![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 61%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Azure Files
An Azure service that offers file shares in the cloud.
1,160 questions
@SenhorDolas Welcome to Microsoft Q&A Forum, Thank you for posting your query here!
Will the users members of "Storage File Data SMB Share Reader" RBAC permissions still able to read inside "Private" folder? YES they can read the information
This thread gives detailed information, How RBAC works
Any role that is assigned to the subscription, that flows down and gets inherited to all the resources, that comes under that subscription. Similarly, any role on a Resource Group, gets inherited to all the resources, within that Resource Groups. There is no way to block this inheritance as this is by design and RBAC roles will flow down from the top to bottom level based on where the RBAC role is applied.
One thing that can be done is to use "Deny Assignments", where you can specify certain users not to perform certain tasks on a particular resource.
You can read more on Deny Assignments here.
Please let us know if you have any further queries. I’m happy to assist you further.
----------
Please do not forget to 
and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.