File: articles/storage/blobs/data-lake-storage-access-control-model.md (31 additions & 31 deletions)
@@ -6,7 +6,7 @@ author: normesta
6
6
7
7
ms.service: azure-data-lake-storage
8
8
ms.topic: conceptual
9
-
ms.date: 11/26/2024
9
+
ms.date: 12/03/2024
10
10
ms.author: normesta
11
11
ms.custom: engagement-fy23
12
12
---
@@ -85,36 +85,36 @@ The following diagram shows the permission flow for three common operations: lis
85
85
86
86
The following table shows you how to combine Azure roles, conditions, and ACL entries so that a security principal can perform the operations listed in the **Operation** column. This table shows a column that represents each level of a fictitious directory hierarchy. There's a column for the root directory of the container (`/`), a subdirectory named **Oregon**, a subdirectory of the Oregon directory named **Portland**, and a text file in the Portland directory named **Data.txt**. Appearing in those columns are [short form](data-lake-storage-access-control.md#short-forms-for-permissions) representations of the ACL entry required to grant permissions. **N/A** (_Not applicable_) appears in the column if an ACL entry is not required to perform the operation.
87
87
88
-
| Operation | Assigned Azure role (with or without conditions) | / | Oregon/| Portland/ | Data.txt |
> To view the contents of a container in Azure Storage Explorer, security principals must [sign in to Storage Explorer by using Microsoft Entra ID](../../vs-azure-tools-storage-manage-with-storage-explorer.md?tabs=windows#attach-to-an-individual-resource), and (at a minimum) have read access (R--) to the root folder (`\`) of a container. This level of permission does give them the ability to list the contents of the root folder. If you don't want the contents of the root folder to be visible, you can assign them [Reader](../../role-based-access-control/built-in-roles.md#reader) role. With that role, they'll be able to list the containers in the account, but not container contents. You can then grant access to specific directories and files by using ACLs.
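Review bot: The Storage Explorer note at the end of this hunk writes the container root as (`\`), while the paragraph introducing the table and the table header both write it as `/`. Use `/` in the note as well so the root is named the same way wherever an ACL entry is discussed. In the same note, "assign them [Reader] role" is missing the article ("assign them the Reader role"). The sentence "This level of permission does give them the ability to list the contents of the root folder" would also read more clearly if it said outright that granting R-- on the root exposes the root listing, since the following sentence offers the Reader role as the way to avoid that exposure.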
File: articles/storage/blobs/data-lake-storage-access-control.md (12 additions & 12 deletions)
@@ -6,7 +6,7 @@ author: normesta
6
6
7
7
ms.service: azure-data-lake-storage
8
8
ms.topic: conceptual
9
-
ms.date: 11/15/2024
9
+
ms.date: 12/03/2024
10
10
ms.author: normesta
11
11
ms.reviewer: jamesbak
12
12
ms.devlang: python
@@ -97,17 +97,17 @@ This table shows a column that represents each level of a fictitious directory h
97
97
> [!IMPORTANT]
98
98
> This table assumes that you are using **only** ACLs without any Azure role assignments. To see a similar table that combines Azure RBAC together with ACLs, see [Permissions table: Combining Azure RBAC, ABAC, and ACLs](data-lake-storage-access-control-model.md#permissions-table-combining-azure-rbac-abac-and-acls).