Azure Storage Accounts GEN 2 hide files/folders/containers from some users

Giuditta Davini 1 Reputation point
2022-05-05T14:33:21.93+00:00

Hello,
My situation is that I have a storage account with some containers; each container has two folders and many subfolders.
My goal is to give users access to go into a specific folder and write a blob, without interacting with anything else.
Structure example:
storageaccount/container1/folder1 -->user1 will have the grant to write here (
storageaccount/container1/folder2 -->user1 will see this folder but cannot enter it or interact with it (or at least only read)
storageaccount/container2/folder1 -->user1 will not see this folder. If user1 goes to storageaccount/, he will only see container1, because it is the only one that he can access
storageaccount/container2/folder2
storageaccount/container3/folder1
storageaccount/container4/folder2

Is this possible? Which ACLs do I need to write for user1? Do I need to set specific rules on my containers?

1 answer

  1. SaiKishor-MSFT 17,221 Reputation points
    2022-05-09T03:03:33.967+00:00

    @Giuditta Davini Thank you for reaching out to Microsoft Q&A. I understand that you want to grant access/permissions to users per folder in the Storage Account.

    Please refer to a similar issue discussed here: https://learn.microsoft.com/en-us/answers/questions/654664/azure-storage-gt-permissions-per-folder.html

    You can use Shared Access Signature (SAS) which provides delegated access to resources in your storage account. You can grant a client limited permissions to objects in your storage account for a specified period of time and with a specified set of permissions, without having to share your account access keys. To know more about using SAS for a blob container, please refer to this document.

    You can also configure directory and file level permissions over SMB in Azure File Share (after you assign share-level permissions with Azure RBAC, you must configure proper Windows ACLs at the root, directory, or file level, to take advantage of granular access control).

    Hope this helps. Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

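The folder layout from the question, expressed as ADLS Gen2 POSIX-style ACL entries and checked with a small evaluator. This is an added example, not part of the original thread and not Microsoft's code. It is a simplified model (named-user entries only; no owner, group, mask or RBAC role evaluation), it assumes user1 holds no data-plane RBAC role so that ACLs alone decide access, and all names in it are hypothetical.

```python
# Simplified model of ADLS Gen2 POSIX-style ACL checks (named-user entries only).
# Constructed ACLs for the layout in the question; "/" is the container root.
CONTAINER1_ACLS = {
    "/": {"user1": "r-x"},         # list the root and traverse into it
    "/folder1": {"user1": "-wx"},  # create blobs here, but not list them
    "/folder2": {},                # name shows in the root listing, no entry
    "/folder1/sub": {},            # existing subfolder without its own entry
}
CONTAINER2_ACLS = {"/": {}, "/folder1": {}}  # user1 has no entry anywhere

# Permission bits needed on the target directory for each operation.
REQUIRED = {"traverse": "x", "list": "rx", "create_child": "wx"}


def parents(path):
    """Yield every ancestor directory of path, starting at the container root."""
    parts = [p for p in path.split("/") if p]
    for i in range(len(parts)):
        yield "/" + "/".join(parts[:i])


def has(acls, user, path, needed):
    """True if the user's entry on path contains every needed bit."""
    perms = acls.get(path, {}).get(user, "---")
    return all(bit in perms for bit in needed)


def allowed(acls, user, operation, directory):
    """True if user may perform operation on directory in this container."""
    # Execute is required on every ancestor to reach the directory at all.
    if not all(has(acls, user, p, "x") for p in parents(directory)):
        return False
    return has(acls, user, directory, REQUIRED[operation])


def report(acls, user):
    """Return {(operation, directory): bool} for every directory in acls."""
    return {(op, d): allowed(acls, user, op, d) for d in acls for op in REQUIRED}


if __name__ == "__main__":
    for (op, d), ok in sorted(report(CONTAINER1_ACLS, "user1").items()):
        print(f"container1 {d:14} {op:13} {'allow' if ok else 'deny'}")
```

Existing subfolders do not pick up a later change to the parent's access ACL, which is why `/folder1/sub` is denied here until it gets its own entry.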