az storage blob directory access
Note
This reference is part of the storage-preview extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az storage blob directory access command. Learn more about extensions.
This command group is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
This command group is implicitly deprecated because command group 'storage blob directory' is deprecated and will be removed in a future release. Use 'az storage fs directory' instead.
Manage the access control properties of a directory when Hierarchical Namespace is enabled.
Commands
Name | Description | Type | Status |
---|---|---|---|
az storage blob directory access set |
Set the access control properties of a directory. |
Extension | Preview and Deprecated |
az storage blob directory access show |
Show the access control properties of a directory. |
Extension | Preview and Deprecated |
az storage blob directory access update |
Update the access control properties of a directory. |
Extension | Preview and Deprecated |
az storage blob directory access set
Command group 'storage blob directory access' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
This command is implicitly deprecated because command group 'storage blob directory' is deprecated and will be removed in a future release. Use 'az storage fs directory' instead.
Set the access control properties of a directory.
az storage blob directory access set --acl-spec
--container-name
--directory-path
[--account-key]
[--account-name]
[--auth-mode {key, login}]
[--connection-string]
[--if-match]
[--if-modified-since]
[--if-none-match]
[--if-unmodified-since]
[--lease-id]
[--sas-token]
[--timeout]
Examples
Set the access control properties of a directory.
az storage blob directory access set -a "user::rwx,group::r--,other::---" -d MyDirectoryPath -c MyContainer --account-name MyStorageAccount
Required Parameters
The ACL specification to set on the path in the format "[default:]user|group|other|mask:[entity id or UPN]:r|-w|-x|-,[default:]user|group|other|mask:[entity id or UPN]:r|-w|-x|-,...". e.g."user::rwx,user:john.doe@contoso:rwx,group::r--,other::---,mask::rwx".
The container name.
The directory path name.
Optional Parameters
Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.
Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.
The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.
Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.
An ETag value. Specify this header to perform the operation only if the resource's ETag matches the value specified. The ETag must be specified in quotes.
Alter only if modified since supplied UTC datetime (Y-m-d'T'H:M'Z').
An ETag value or the special wildcard ("*") value. Specify this header to perform the operation only if the resource's ETag does not match the value specified. The ETag must be specified in quotes.
Alter only if unmodified since supplied UTC datetime (Y-m-d'T'H:M'Z').
Required if the path has an active lease.
A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.
Request timeout in seconds. Applies to each call to the service.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az storage blob directory access show
Command group 'storage blob directory access' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
This command is implicitly deprecated because command group 'storage blob directory' is deprecated and will be removed in a future release. Use 'az storage fs directory' instead.
Show the access control properties of a directory.
az storage blob directory access show --container-name
--directory-path
[--account-key]
[--account-name]
[--auth-mode {key, login}]
[--connection-string]
[--if-match]
[--if-modified-since]
[--if-none-match]
[--if-unmodified-since]
[--lease-id]
[--sas-token]
[--timeout]
[--user-principle-names]
Examples
Show the access control properties of a directory.
az storage blob directory access show -d MyDirectoryPath -c MyContainer --account-name MyStorageAccount
Required Parameters
The container name.
The directory path name.
Optional Parameters
Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.
Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.
The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.
Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.
An ETag value. Specify this header to perform the operation only if the resource's ETag matches the value specified. The ETag must be specified in quotes.
Alter only if modified since supplied UTC datetime (Y-m-d'T'H:M'Z').
An ETag value or the special wildcard ("*") value. Specify this header to perform the operation only if the resource's ETag does not match the value specified. The ETag must be specified in quotes.
Alter only if unmodified since supplied UTC datetime (Y-m-d'T'H:M'Z').
Required if the path has an active lease.
A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.
Request timeout in seconds. Applies to each call to the service.
Valid only when Hierarchical Namespace is enabled for the account. If "true", the user identity values returned for owner, group, and acl will be transformed from Azure Active Directory Object IDs to User Principal Names. If "false", the values will be returned as Azure Active Directory Object IDs. The default value is false. Note that group and application Object IDs are not translated because they do not have unique friendly names.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az storage blob directory access update
Command group 'storage blob directory access' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
This command is implicitly deprecated because command group 'storage blob directory' is deprecated and will be removed in a future release. Use 'az storage fs directory' instead.
Update the access control properties of a directory.
az storage blob directory access update --container-name
--directory-path
[--account-key]
[--account-name]
[--acl-spec]
[--auth-mode {key, login}]
[--connection-string]
[--group]
[--if-match]
[--if-modified-since]
[--if-none-match]
[--if-unmodified-since]
[--lease-id]
[--owner]
[--permissions]
[--sas-token]
[--timeout]
Examples
Update the access permissions of a directory.
az storage blob directory access update --permissions "rwxrwxrwx" -d MyDirectoryPath -c MyContainer --account-name MyStorageAccount
Update the owning user of a directory.
az storage blob directory access update --owner [entityId/UPN] -d MyDirectoryPath -c MyContainer --account-name MyStorageAccount
Update the owning group of a directory.
az storage blob directory access update --group [entityId/UPN] -d MyDirectoryPath -c MyContainer --account-name MyStorageAccount
Required Parameters
The container name.
The directory path name.
Optional Parameters
Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.
Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.
The ACL specification to set on the path in the format "[default:]user|group|other|mask:[entity id or UPN]:r|-w|-x|-,[default:]user|group|other|mask:[entity id or UPN]:r|-w|-x|-,...". e.g."user::rwx,user:john.doe@contoso:rwx,group::r--,other::---,mask::rwx".
The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.
Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.
The owning group for the directory.
An ETag value. Specify this header to perform the operation only if the resource's ETag matches the value specified. The ETag must be specified in quotes.
Alter only if modified since supplied UTC datetime (Y-m-d'T'H:M'Z').
An ETag value or the special wildcard ("*") value. Specify this header to perform the operation only if the resource's ETag does not match the value specified. The ETag must be specified in quotes.
Alter only if unmodified since supplied UTC datetime (Y-m-d'T'H:M'Z').
Required if the path has an active lease.
The owning user for the directory.
The POSIX access permissions for the file owner,the file owning group, and others. Both symbolic (rwxrw-rw-) and 4-digit octal notation (e.g. 0766) are supported.
A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.
Request timeout in seconds. Applies to each call to the service.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
Azure CLI