articles/storage/files/storage-files-identity-ad-ds-assign-permissions.md
Lines changed: 1 addition & 1 deletion
@@ -168,4 +168,4 @@ You could also assign permissions to all authenticated Azure AD users and specif
168
168
169
169
## Next steps
170
170
171
-
Now that you've assigned share-level permissions, you must[configure directory and file-level permissions](storage-files-identity-ad-ds-configure-permissions.md).
171
+
Now that you've assigned share-level permissions, you can[configure directory and file-level permissions](storage-files-identity-ad-ds-configure-permissions.md).
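Review bot: On the changed "Next steps" sentence, replacing "must" with "can" makes the follow-on article read as optional, but the sentence gives the reader no basis for deciding whether to skip it. Add a clause saying what access applies to directories and files when no Windows ACLs are configured, or keep the stronger wording. As rendered here, both the removed and added lines also show no space before the link ("can[configure"); check that the source file has one.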
articles/storage/files/storage-files-identity-ad-ds-configure-permissions.md
Lines changed: 3 additions & 3 deletions
@@ -5,7 +5,7 @@ author: khdownie
5
5
ms.service: storage
6
6
ms.subservice: files
7
7
ms.topic: how-to
8
-
ms.date: 11/09/2022
8
+
ms.date: 11/22/2022
9
9
ms.author: kendownie
10
10
ms.custom: engagement-fy23
11
11
---
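Review bot: ms.date is bumped to 11/22/2022 in this file only; the other three files in this commit each show a single changed line, so any ms.date they carry was left as it was. If the date is meant to track content edits, update it in those files as well; if a wording-only change does not warrant a bump, drop it here so the four files stay consistent.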
@@ -14,7 +14,7 @@ ms.custom: engagement-fy23
14
14
15
15
Before you begin this article, make sure you've read [Assign share-level permissions to an identity](storage-files-identity-ad-ds-assign-permissions.md) to ensure that your share-level permissions are in place with Azure role-based access control (RBAC).
16
16
17
-
After you assign share-level permissions, you must first connect to the Azure file share using the storage account key and then configure Windows access control lists (ACLs), also known as NTFS permissions, at the root, directory, or file level. While share-level permissions act as a high-level gatekeeper that determines whether a user can access the share, Windows ACLs operate at a more granular level to control what operations the user can do at the directory or file level.
17
+
After you assign share-level permissions, you can configure Windows access control lists (ACLs), also known as NTFS permissions, at the root, directory, or file level. While share-level permissions act as a high-level gatekeeper that determines whether a user can access the share, Windows ACLs operate at a more granular level to control what operations the user can do at the directory or file level.
18
18
19
19
Both share-level and file/directory-level permissions are enforced when a user attempts to access a file/directory, so if there's a difference between either of them, only the most restrictive one will be applied. For example, if a user has read/write access at the file level, but only read at a share level, then they can only read that file. The same would be true if it was reversed: if a user had read/write access at the share-level, but only read at the file-level, they can still only read the file.
20
20
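Review bot: The rewritten intro sentence drops "you must first connect to the Azure file share using the storage account key", so the intro no longer signals that a mount step precedes ACL configuration, while the "Configure Windows ACLs" section changed later in this file still opens with "After you've connected to your Azure file share using the storage account key". Keep a short pointer to that step in the intro so the order of operations is stated before the reader reaches it. The context paragraph that follows explains that the most restrictive of the two layers applies; a cross-reference to it would tell the reader why they would want file-level ACLs now that the step reads as optional.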
@@ -83,7 +83,7 @@ net use Z: \\<YourStorageAccountName>.file.core.windows.net\<FileShareName> /use
83
83
84
84
## Configure Windows ACLs
85
85
86
-
After you've connected to your Azure file share using the storage account key, you must configure the Windows ACLs. You can do this using either [icacls](#configure-windows-acls-with-icacls) or [Windows File Explorer](#configure-windows-acls-with-windows-file-explorer). You can also use the [Set-ACL](/powershell/module/microsoft.powershell.security/set-acl) PowerShell command.
86
+
After you've connected to your Azure file share using the storage account key, you can configure the Windows ACLs. You can do this using either [icacls](#configure-windows-acls-with-icacls) or [Windows File Explorer](#configure-windows-acls-with-windows-file-explorer). You can also use the [Set-ACL](/powershell/module/microsoft.powershell.security/set-acl) PowerShell command.
87
87
88
88
If you have directories or files in on-premises file servers with Windows ACLs configured against the AD DS identities, you can copy them over to Azure Files persisting the ACLs with traditional file copy tools like Robocopy or [Azure AzCopy v 10.4+](https://github.com/Azure/azure-storage-azcopy/releases). If your directories and files are tiered to Azure Files through Azure File Sync, your ACLs are carried over and persisted in their native format.
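Review bot: Style point on the changed paragraph: after the edit, three consecutive sentences read "you can configure", "You can do this using" and "You can also use", and the first one now looks like one more option rather than the step the section is about. Consider merging the first two, for example "After you've connected to your Azure file share using the storage account key, configure the Windows ACLs using either icacls or Windows File Explorer."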
articles/storage/files/storage-files-identity-auth-azure-active-directory-enable.md
Lines changed: 1 addition & 1 deletion
@@ -165,7 +165,7 @@ To set share-level permissions, follow the instructions in [Assign share-level p
165
165
166
166
## Configure directory and file-level permissions
167
167
168
-
Once your share-level permissions are in place, you must assign directory/file-level permissions to the user or group. **This requires using a device with line-of-sight to an on-premises AD**. To use Windows File Explorer, the device also needs to be domain-joined.
168
+
Once share-level permissions are in place, you can assign directory/file-level permissions to the user or group. **This requires using a device with line-of-sight to an on-premises AD**. To use Windows File Explorer, the device also needs to be domain-joined.
169
169
170
170
There are two options for configuring directory and file-level permissions with Azure AD Kerberos authentication:
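Review bot: In the changed line, the bold sentence "This requires using a device with line-of-sight to an on-premises AD" now follows an optional "you can assign", which leaves the antecedent of "This" unclear and weakens a hard requirement. Name the action explicitly, for example "Assigning directory/file-level permissions requires a device with line-of-sight to an on-premises AD", so the requirement stands on its own regardless of whether the step is framed as optional.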
includes/storage-files-aad-permissions-and-mounting.md
Lines changed: 1 addition & 1 deletion
@@ -68,7 +68,7 @@ az role assignment create --role "<role-name>" --assignee <user-principal-name>
68
68
69
69
## Configure Windows ACLs
70
70
71
-
After you assign share-level permissions with RBAC, you must assign Windows ACLs, also known as NTFS permissions, at the root, directory, or file level. Think of share-level permissions as the high-level gatekeeper that determines whether a user can access the share, whereas Windows ACLs act at a more granular level to determine what operations the user can do at the directory or file level.
71
+
After you assign share-level permissions with RBAC, you can assign Windows ACLs, also known as NTFS permissions, at the root, directory, or file level. Think of share-level permissions as the high-level gatekeeper that determines whether a user can access the share, whereas Windows ACLs act at a more granular level to determine what operations the user can do at the directory or file level.
72
72
73
73
Azure Files supports the full set of basic and advanced permissions. You can view and configure Windows ACLs on directories and files in an Azure file share by mounting the share and then using Windows File Explorer or running the Windows [icacls](/windows-server/administration/windows-commands/icacls) or [Set-ACL](/powershell/module/microsoft.powershell.security/set-acl) command.
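Review bot: The changed paragraph repeats the "high-level gatekeeper" explanation that storage-files-identity-ad-ds-configure-permissions.md carries in this same commit, with different wording ("Think of ... whereas" here, "While ... act as" there). Since both sentences are being edited, align the two so the include and the article do not drift, and say here as well what applies when no Windows ACLs are assigned, now that the step is described with "can".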