You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/files/storage-files-identity-ad-ds-assign-permissions.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -43,7 +43,7 @@ There are three scenarios where we instead recommend using a [default share-leve
43
43
> [!NOTE]
44
44
> Because computer accounts don't have an identity in Microsoft Entra ID, you can't configure Azure role-based access control (RBAC) for them. However, computer accounts can access a file share by using a [default share-level permission](#share-level-permissions-for-all-authenticated-identities).
45
45
46
-
## Share-level permissions and RBAC roles
46
+
## Share-level permissions and Azure RBAC roles
47
47
48
48
The following table lists the share-level permissions and how they align with the built-in Azure RBAC roles:
49
49
@@ -82,7 +82,7 @@ To assign an Azure role to a Microsoft Entra identity, using the [Azure portal](
82
82
1. In the Azure portal, go to your file share, or [create a file share](storage-how-to-create-file-share.md).
83
83
1. Select **Access Control (IAM)**.
84
84
1. Select **Add a role assignment**
85
-
1. In the **Add role assignment** blade, select the [appropriate built-in role](#share-level-permissions) from the **Role** list.
85
+
1. In the **Add role assignment** blade, select the [appropriate built-in role](#share-level-permissions-and-azure-rbac-roles) from the **Role** list.
86
86
1. Storage File Data SMB Share Reader
87
87
1. Storage File Data SMB Share Contributor
88
88
1. Storage File Data SMB Share Elevated Contributor
@@ -118,7 +118,7 @@ az role assignment create --role "<role-name>" --assignee <user-principal-name>
118
118
119
119
## Share-level permissions for all authenticated identities
120
120
121
-
You can add a default share-level permission on your storage account, instead of configuring share-level permissions for Microsoft Entra users or groups. A default share-level permission assigned to your storage account applies to all file shares contained in the storage account.
121
+
You can add a default share-level permission on your storage account, instead of configuring share-level permissions for Microsoft Entra users or groups. A default share-level permission assigned to your storage account applies to all file shares contained in the storage account.
122
122
123
123
When you set a default share-level permission, all authenticated users and groups will have the same permission. Authenticated users or groups are identified as the identity can be authenticated against the on-premises AD DS the storage account is associated with. The default share-level permission is set to **None** at initialization, implying that no access is allowed to files or directories in the Azure file share.
124
124
@@ -132,7 +132,7 @@ To configure default share-level permissions on your storage account using the [
132
132
133
133
:::image type="content" source="media/storage-files-identity-ad-ds-assign-permissions/set-default-share-level-permission.png" alt-text="Screenshot showing how to set a default share-level permission using the Azure portal." lightbox="media/storage-files-identity-ad-ds-assign-permissions/set-default-share-level-permission.png" border="true":::
134
134
135
-
1. Select the appropriate role to be enabled as the default [share permission](#share-level-permissions) from the dropdown list.
135
+
1. Select the appropriate role to be enabled as the default [share permission](#share-level-permissions-and-azure-rbac-roles) from the dropdown list.
0 commit comments