Azure files storage - how deny delete operation from a user? RRS feed

  • Question

  • Hi,

    Is it possible to disable delete action from certain users to the folders in Azure file storage fileshare? If it's possible should it be done via IAM in Azure storage account or can I do it with the Windows explorer by editing the folders security settings? 

    Wednesday, May 27, 2020 1:44 PM

All replies

  • Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

    You can restrict by using RBAC: Before that let me explain who and How can restriction can be done.

    Azure Files enforces authorization on user access to both the share and the directory/file levels. Share-level permission assignment can be performed on Azure Active Directory (Azure AD) users or groups managed through the role-based access control (RBAC) model. With RBAC, the credentials you use for file access should be available or synced to Azure AD. You can assign built-in RBAC roles like Storage File Data SMB Share Reader to users or groups in Azure AD to grant read access to an Azure file share.

    Storage File Data SMB Share Reader

    For more information refer to this article: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable

    Hope this helps! 

    Kindly let us know if the above helps or you need further assistance on this issue.  

    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members.

    Friday, May 29, 2020 7:13 AM
  •  Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    Thursday, June 4, 2020 3:27 PM