Merge pull request #98862 from normesta/normesta-sdk-interop

PRMerger14 · web-flow · commit 7165fdae2a5f · 2019-12-13T08:34:20.000-08:00
Adding context and auth details
diff --git a/articles/storage/blobs/data-lake-storage-directory-file-acl-powershell.md b/articles/storage/blobs/data-lake-storage-directory-file-acl-powershell.md
@@ -54,37 +54,36 @@ This article shows you how to use PowerShell to create and manage directories, f
 
 ## Connect to the account
 
-1. Open a Windows PowerShell command window.
+Open a Windows PowerShell command window, and then sign in to your Azure subscription with the `Connect-AzAccount` command and follow the on-screen directions.
 
-2. Sign in to your Azure subscription with the `Connect-AzAccount` command and follow the on-screen directions.
-
-   ```powershell
-   Connect-AzAccount
-   ```
+```powershell
+Connect-AzAccount
+```
 
-3. If your identity is associated with more than one subscription, then set your active subscription to subscription of the storage account that you want create and manage directories in.
+If your identity is associated with more than one subscription, then set your active subscription to subscription of the storage account that you want create and manage directories in. In this example, replace the `<subscription-id>` placeholder value with the ID of your subscription.
 
-   ```powershell
-   Select-AzSubscription -SubscriptionId <subscription-id>
-   ```
+```powershell
+Select-AzSubscription -SubscriptionId <subscription-id>
+```
 
-   Replace the `<subscription-id>` placeholder value with the ID of your subscription.
+Next, choose how you want your commands to obtain authorization to the storage account. 
 
-4. Get the storage account.
+### Option 1: Obtain authorization by using Azure Active Directory (AD)
 
-   ```powershell
-   $storageAccount = Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -AccountName "<storage-account-name>"
-   ```
+With this approach, the system ensures that your user account has the appropriate role-based access control (RBAC) assignments and ACL permissions. 
 
-   * Replace the `<resource-group-name>` placeholder value with the name of your resource group.
+```powershell
+$ctx = New-AzStorageContext -StorageAccountName '<storage-account-name>' -UseConnectedAccount
+```
 
-   * Replace the `<storage-account-name>` placeholder value with the name of your storage account.
+### Option 2: Obtain authorization by using the storage account key
 
-5. Get the storage account context.
+With this approach, the system doesn't check the RBAC or ACL permissions of a resource.
 
-   ```powershell
-   $ctx = $storageAccount.Context
-   ```
+```powershell
+$storageAccount = Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -AccountName "<storage-account-name>"
+$ctx = $storageAccount.Context
+```
 
 ## Create a file system
 
@@ -184,27 +183,30 @@ Get-AzDataLakeGen2ItemContent -Context $ctx -FileSystem $filesystemName -Path $f
 
 List the contents of a directory by using the `Get-AzDataLakeGen2ChildItem` cmdlet.
 
-This example lists the contents of a directory named `my-directory`. 
-
-To list the contents of a file system, omit the `-Path` parameter from the command.
+This example lists the contents of a directory named `my-directory`.
 
 ```powershell
 $filesystemName = "my-file-system"
 $dirname = "my-directory/"
 Get-AzDataLakeGen2ChildItem -Context $ctx -FileSystem $filesystemName -Path $dirname
 ```
 
-This example lists the contents of a directory named `my-directory` and includes ACLs in the list. 
-It also uses the `-Recurse` parameter to list the contents of all subdirectories.
+This example doesn't return values for the `ACL`, `Permissions`, `Group`, and `Owner` properties. To obtain those values, use the `-FetchPermission` parameter. 
 
-To list the contents of a file system, omit the `-Path` parameter from the command.
+The following example lists the contents of the same directory, but it also uses the `-FetchPermission` parameter to return values for the `ACL`, `Permissions`, `Group`, and `Owner` properties. 
 
 ```powershell
 $filesystemName = "my-file-system"
 $dirname = "my-directory/"
-Get-AzDataLakeGen2ChildItem -Context $ctx -FileSystem $filesystemName -Path $dirname -Recurse -FetchPermission
+$properties = Get-AzDataLakeGen2ChildItem -Context $ctx -FileSystem $filesystemName -Path $dirname -Recurse -FetchPermission
+$properties.ACL
+$properties.Permissions
+$properties.Group
+$properties.Owner
 ```
 
+To list the contents of a file system, omit the `-Path` parameter from the command.
+
 ## Upload a file to a directory
 
 Upload a file to a directory by using the `New-AzDataLakeGen2Item` cmdlet.
