Yoshinobu Furuya

Reputation: 75

ACL for SMTP local user on Azure Data Lake Gen2 folder

I have the following situation. Azure Data Lake Gen2 is set up. A single container has 2 folders (folder1, folder2). I have set up Data Lake Gen2 with smap enabled. I created 2 smtp local users (user1, user2).

My goal is to set up an ACL on folder1 so that user1 can R&W but cannot write on folder2, and to set up an ACL on folder2 so that user2 can R&W but cannot write on folder1.

Below is what I executed in PowerShell with the Azure cmdlets.

$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType user -EntityId $userID -Permission rwx
Update-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName -Path $dirname -Acl $acl

And the output is the following error. I am afraid getting the -EntityId for user1 is failing. The name of the user does not work. Also, the SID from the command " Get-AzStorageLocalUser -ResourceGroupName "myblobstorage" -StorageAccountName "myccount" " fails as well.

Upvotes: 0

Views: 65

Answers (1)

Venkatesan

Reputation: 10455

My goal is to set up an ACL on folder1 so that user1 can R&W but cannot write on folder2, and to set up an ACL on folder2 so that user2 can R&W but cannot write on folder1.

According to this MS-Document

The ACL authorization at the file and directory level for Azure Blob Storage is still in preview and currently can only be enabled through the Azure Portal. This means that ACL authorization for controlling access at a more granular level (such as files and directories) is not yet fully supported via Azure CLI, PowerShell, or other tools for local user management.

In my environment, I created a local user with SFTP enabled in the portal, with ACL enabled through the portal.

Now user1 is able to access only folder1.

Command and output:

PS C:\xxxx> sftp <storage account name>.<localusername>@<storage account name>.blob.core.windows.net
[email protected]'s password:
Connected to venkat8912.blob.core.windows.net.
sftp> ls
mac-tar-cache-exp.png   project-structure.png

The above sample command will show only the files in folder1.

In the same way, you can create a local user with access only to folder2.

Reference:

SFTP support for Azure Blob Storage - Azure Storage | Microsoft Learn

Upvotes: 0
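
As an added example (not code from either poster or from Microsoft), the following PowerShell checks short-form ACL strings against the goal stated in the question: each folder writable by exactly one of the two users. The entity IDs `id-user1` and `id-user2` and both ACL strings are constructed placeholders, the function and variable names are hypothetical, and the check assumes neither user is the owning user or a member of a listed group.

```powershell
# Added example. ACL strings and entity IDs below are constructed sample values.
function Test-AclGrantsWrite {
    param(
        [Parameter(Mandatory)][string]$Acl,      # short form: 'user::rwx,user:<id>:rw-,mask::rwx,other::---'
        [Parameter(Mandatory)][string]$EntityId  # identity to check; assumed not the owner or a group member
    )
    $named = $null; $mask = 'rwx'; $other = '---'
    foreach ($entry in $Acl.Split(',')) {
        $parts = $entry.Trim().Split(':')
        if ($parts.Count -ne 3) { continue }     # skip 'default:...' entries (inheritance templates)
        $type, $id, $perm = $parts
        switch ($type) {
            'user'  { if ($id -eq $EntityId) { $named = $perm } }
            'mask'  { $mask = $perm }
            'other' { $other = $perm }
        }
    }
    if ($null -ne $named) {
        # A named-user entry is limited by the mask: write needs 'w' in both.
        return ($named[1] -eq 'w' -and $mask[1] -eq 'w')
    }
    # No named entry: the identity falls through to 'other'.
    # 'other' is read without the mask here, the stricter reading for an audit.
    return ($other[1] -eq 'w')
}

# Constructed ACLs: folder2 names user2 with rwx, but its mask removes write.
$acls = @{
    folder1 = 'user::rwx,user:id-user1:rwx,user:id-user2:r-x,group::r-x,mask::rwx,other::---'
    folder2 = 'user::rwx,user:id-user2:rwx,group::r-x,mask::r-x,other::---'
}
# Goal from the question: exactly one writer per folder.
$expectedWriter = @{ folder1 = 'id-user1'; folder2 = 'id-user2' }

foreach ($folder in 'folder1', 'folder2') {
    foreach ($id in 'id-user1', 'id-user2') {
        $can    = Test-AclGrantsWrite -Acl $acls[$folder] -EntityId $id
        $should = ($expectedWriter[$folder] -eq $id)
        [pscustomobject]@{
            Folder = $folder; Entity = $id
            CanWrite = $can; Expected = $should; Ok = ($can -eq $should)
        }
    }
}
```

Rows with `Ok` set to `False` mark where the ACL departs from the intended isolation, whether by granting write to the wrong user or by a mask that silently removes it from the right one.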
