Azure File Shares - share permission using Azure Portal - Need Help!! RRS feed

  • Question

  • Hello,

    I'm learning and exploring Azure File Shares.  This is what I've done.  

    1. Created storage account (MyStorageAcct)

    2. Created two file shares called FS1 and FS2

    Then I went to "MyStorageAcct" and I see FS1 and FS2 in the Azure Portal.  I ticked the box next to FS1 and clicked "Shared Access Signature" on the left.  Under "Allowed Services", I ticked File only.  Under "Allowed Permissions", I ticked READ and LIST only.  Then I clicked the button "Generate SAS ...".  I copied the "File Service SAS URL" in clipboard.

    I launched "Azure Storage Explorer" in Windows.  I connect to Azure Storage using the option "Use a shared access signature (SAS) URI" and it connected successfully.  I now see both FS1 and FS2.  I did not expect to see FS2.  I repeated the above steps trying out different combination of settings and re-connected using "Azure Storage Explorer", same problem.  I see FS2.  I only want to see FS1.

    Now to get it to work.  This is what I did.  I connected to "MyStorageAcct" using "Azure Storage Explorer" but using my Azure Subscription.  Navigated to "MyStorageAcct -> FS1", right clicked and chose "Get Shared Access Signature".   Only READ and LIST are checked.  Clicked "Create".  Copied the URI.  Opened "Azure Storage Explorer" and connected using this URI.  I only see FS1 and no FS2 which exactly what I wanted to see.

    Anyone know why I can't do this using the Azure Portal?  Maybe I didn't do it right?  Can someone help?


    Tuesday, April 21, 2020 10:41 PM

All replies

  • My guess is that it isn't possible to create SAS for particular share in Portal. I don't see any option either similar to what it is in Storage explorer > File share > right click > Create SAS

    If the response helped, do "Mark as answer" and upvote it
    - Vaibhav

    Wednesday, April 22, 2020 9:58 AM
  • In context of blobs, container will refer to blob container which will contain blobs.

    In context of file service, container will refer to share which will contain files & directories.

    In context of table service, container will refer to table which will contain entities.

    In context of queue service, container will refer to queue which will contain messages.

    SAS should work in portal and Explorer both options. " Allowed resource type" : 

    The signed resource types that are accessible with the account SAS. Service (s): Access to service-level APIs; Container (c(. (e.g., Create/Delete Container, Create/Delete Queue, Create/Delete Table, Create/Delete Share, List Blobs/Files and Directories)) ): Access to container-level APIs; Object (o): Access to object-level APIs for blobs, queue messages, table entities, and files.

    Delegate access to write and delete operations for containers, queues, tables, and file shares, which are not available with an object-specific SAS. 

    Service SAS examples: File Services 

    Hope this helps! 

    Kindly let us know if the above helps or you need further assistance on this issue.
    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members.

    Monday, April 27, 2020 1:36 PM
  • SumanthMarigowda:

    Thanks for the reply.  However I don't quite follow what you're saying.  So using my example in above and under the "Shared Access Signature", what would my settings be in order to restrict access to my "FS01" file share?  Could you please walk me through the screen settings?


    Monday, April 27, 2020 3:06 PM