Commit cb4fb2f

Updates
1 parent f604db7 commit cb4fb2f

3 files changed

+16
-14
lines changed

articles/storage/blobs/secure-file-transfer-protocol-support-authorize-access.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -193,7 +193,7 @@ If you want to authorize access at the file and directory level, you can enable
193193
> [!IMPORTANT]
194194
> The local user must have at least one container permission for the container it is connecting to otherwise the connection attempt will fail.
195195
196-
2. If you want to authorize access by using the access control lists (acls) associated with files and directories in this container, then select the **Allow ACL authorization** checkbox. To learn more about using ACLS to authorize SFTP clients, see [ACLs](secure-file-transfer-protocol-support.md#acls).
196+
2. If you want to authorize access by using the access control lists (acls) associated with files and directories in this container, then select the **Allow ACL authorization** checkbox. To learn more about using ACLS to authorize SFTP clients, see [ACLs](secure-file-transfer-protocol-support.md#access-control-lists-acls).
197197

198198
You can also add this local user to a group by assigning that user to a group ID. That ID can be any number or number scheme that you want. Grouping users allow you to add and remove users without the need to reapply ACLs to an entire directory structure. Instead, you can just add or remove users from the group.
199199
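Review bot: line 196 still mixes "acls" and "ACLS" in a single sentence ("access control lists (acls)" and "using ACLS to authorize"); since the line is being rewritten for the anchor fix anyway, normalize both to "ACLs". The unchanged context line 198 also has a subject-verb disagreement, "Grouping users allow you to add and remove users", which should read "Grouping users allows you to add and remove users". The anchor change itself, `#acls` to `#access-control-lists-acls`, is consistent with the same change made in secure-file-transfer-protocol-support-connect.md in this commit.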

articles/storage/blobs/secure-file-transfer-protocol-support-connect.md

Lines changed: 1 addition & 1 deletion
@@ -75,7 +75,7 @@ See the documentation of your SFTP client for guidance about how to connect and
7575

7676
### Modify the ACL of a file or directory
7777

78-
You can modify the permission level of the owning user, owning group, and all other users of an ACL by using an SFTP client. You can also change the ID of the owning user and the owning group. To learn more about ACL support for SFTP clients, see [ACLs](secure-file-transfer-protocol-support.md#acls).
78+
You can modify the permission level of the owning user, owning group, and all other users of an ACL by using an SFTP client. You can also change the ID of the owning user and the owning group. To learn more about ACL support for SFTP clients, see [ACLs](secure-file-transfer-protocol-support.md#access-control-lists-acls).
7979

8080
#### Modify permissions
8181
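Review bot: the new anchor `#access-control-lists-acls` is only valid if the target section in secure-file-transfer-protocol-support.md is headed "Access control lists (ACLs)", and that heading is not part of this diff; please confirm the slug before merging, because the identical anchor is now used from secure-file-transfer-protocol-support-authorize-access.md as well, so both cross-references break together if the heading differs.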

articles/storage/blobs/secure-file-transfer-protocol-support.md

Lines changed: 14 additions & 12 deletions
@@ -47,7 +47,7 @@ SFTP clients can't be authorized by using Microsoft Entra identities. Instead, S
4747
Local users must use either a password or a Secure Shell (SSH) private key credential for authentication. You can have a maximum of 2000 local users for a storage account.
4848

4949
To set up access permissions, you'll create a local user, and choose authentication methods. Then, for each container in your account, you can specify the level of access you want to give that user.
50-
50+
5151
> [!CAUTION]
5252
> Local users do not interoperate with other Azure Storage permission models such as RBAC (role based access control) and ABAC (attribute based access control). Access control lists (ACLs) are supported for local users at the preview level.
5353
>
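Review bot: the only change in this hunk is at line 50, where a blank line is replaced by a blank line (a trailing-whitespace cleanup). That is harmless, but the commit message "Updates" gives no hint of it or of the link fixes elsewhere in the commit; a message naming the broken anchors being repaired would make this easier to review later.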
@@ -89,42 +89,44 @@ When performing write operations on blobs in sub directories, Read permission is
8989

9090
> [!IMPORTANT]
9191
> This capability is currently in PREVIEW.
92-
> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
92+
> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
9393
9494
ACLs let you grant "fine-grained" access, such as write access to a specific directory or file. An ACL is a permission construct that contains a series of ACL entries. Each ACL entry associates an identity with an access level. To learn more about ACLs, see [Access control lists (ACLs) in Azure Data Lake Storage Gen2](data-lake-storage-access-control.md).
9595

96-
To authorize a local user by using ACLs, you must first enable ACL authorization for that local user. See [Give permission to containers](secure-file-transfer-protocol-support-authorize-accessmd#give-permission-to-containers).
96+
To authorize a local user by using ACLs, you must first enable ACL authorization for that local user. See [Give permission to containers](secure-file-transfer-protocol-support-authorize-acces.md#give-permission-to-containers).
9797

98-
While an ACL can define the permission level for many different types of identities, only the owning user, owning group, and all other users identities can be used to authorize a local user. Named users and named groups are not yet supported for local user authorization.
98+
While an ACL can define the permission level for many different types of identities, only the owning user, owning group, and all other users identities can be used to authorize a local user. Named users and named groups are not yet supported for local user authorization.
9999

100100
### How ACL permissions are evaluated
101101

102102
ACLs are evaluated only if the local user does not have the necessary container permissions to perform an operation. Because of the way that access permissions are evaluated by the system, you cannot use an ACL to restrict access that has already been granted by container-level permissions. That's because the system evaluates container permissions first, and if those permissions grant sufficient access permission, ACLs are ignored.
103103

104104
### Modifying ACLs with an SFTP client
105105

106-
While an ACL can be modified by using any supported Azure tool or SDK, users can also modify them by using an SFTP client. To enable a local user to modify ACLs, you must first give the local user `Modify Permissions` permission. See [Give permission to containers](secure-file-transfer-protocol-support-authorize-access.md#give-permission-to-containers).
106+
While an ACL can be modified by using any supported Azure tool or SDK, local users can also modify them. To enable a local user to modify ACLs, you must first give the local user `Modify Permissions` permission. See [Give permission to containers](secure-file-transfer-protocol-support-authorize-access.md#give-permission-to-containers).
107+
108+
Local users can change the permission level of the only the owning user, owning group, and all other users of an ACL. Adding or modifying ACL entries for named users, named groups, and named security principals is not yet supported.
107109

108-
Local users can change the permission level of the only the owning user, owning group, and all other users of an ACL. Adding or modifying ACL entries for named users, named groups, and named security principals is not yet supported. Users can also change the ID of the owning user and the owning group. To change owning user or owning group of a directory or blob. The local user must have been given `Modify Ownership` permission.
110+
Local users can also change the ID of the owning user and the owning group. To change owning user or owning group of a directory or blob, the local user must be given `Modify Ownership` permission.
109111

110-
Most SFTP clients expose commands for changing these properties. The following table describes common commands in more detail.
112+
Most SFTP clients expose commands for changing these properties. To view examples, see [Modify the ACL of a file or directory](secure-file-transfer-protocol-support-connect.md#modify-the-acl-of-a-file-or-directory).
113+
114+
The following table describes common commands in more detail.
111115

112116
| Command | Required Container Permission | Description |
113117
|---|---|---|
114118
| chown | o | <li>Change owning user for file/directory</li><li>Must specify numeric ID</li> |
115119
| chgrp | o | <li>Change owning group for file/directory</li><li>Must specify numeric ID</li> |
116120
| chmod | p | <li>Change permissions/mode for file/directory</li><li>Must specify POSIX style octal permissions</li> |
117121

118-
The IDs required for changing owning user and owning group are part of new properties for Local Users. The following table describes each new Local User property in more detail.
122+
The IDs required for changing owning user and owning group are part of new properties for local users. The following table describes each new Local User property in more detail.
119123

120124
| Property | Description |
121125
|---|---|
122-
| UserId | <li>Unique identifier for the Local User within the storage account</li><li>Generated by default when the Local User is created</li><li>Used for setting owning user on file/directory</li> |
123-
| GroupId | <li>Identifer for a group of Local Users</li><li>Used for setting owning group on file/directory</li> |
126+
| UserId | <li>Unique identifier for the local user within the storage account</li><li>Generated by default when the Local User is created</li><li>Used for setting owning user on file/directory</li> |
127+
| GroupId | <li>Identifer for a group of local users</li><li>Used for setting owning group on file/directory</li> |
124128
| AllowAclAuthorization | <li>Allow authorizing this Local User's requests with ACLs</li> |
125129

126-
To see examples that ACLs from an SFTP client, see [Modify ACLs](secure-file-transfer-protocol-support-connect.md#modify-acls).
127-
128130
## Home directory
129131

130132
As you configure permissions, you have the option of setting a home directory for the local user. If no other container is specified in an SFTP connection request, then the home directory is the directory that the user connects to by default. For example, consider the following request made by using [Open SSH](/windows-server/administration/openssh/openssh_overview). This request doesn't specify a container or directory name as part of the `sftp` command.
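Review bot: line 96 still ships a broken link. The old target `secure-file-transfer-protocol-support-authorize-accessmd` (missing the dot before the extension) is replaced by `secure-file-transfer-protocol-support-authorize-acces.md`, which drops the second "s" from "access"; the correct file name appears on line 106 of this same hunk, so line 96 should point at `secure-file-transfer-protocol-support-authorize-access.md#give-permission-to-containers`. Line 108 carries over the garbled phrase "the permission level of the only the owning user"; drop "the only" so it reads "the permission level of only the owning user, owning group, and all other users". Line 127 keeps the typo "Identifer" in the GroupId row (should be "Identifier"). The lowercasing of "Local User" to "local user" is applied inconsistently: lines 122 and 126 now use both forms within the same sentence, and the unchanged context line 128 still reads "this Local User's"; pick one form for the whole section. The whitespace-only changes at lines 92 and 98 are fine. Otherwise, removing the dead "Modify ACLs" link at old line 126 and pointing line 112 at `#modify-the-acl-of-a-file-or-directory` matches the "### Modify the ACL of a file or directory" heading visible in the secure-file-transfer-protocol-support-connect.md hunk of this commit.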
