Fine-Grained ACL for Azure Files Shares: Automation Practices with PowerShell and Bicep
One of the beautiful things about AD DS-enabled Azure Files shares is the ability to set fine-grained ACLs on the directories you want, in combination with Azure RBAC.
By examining both protections, you can construct a highly practical directory hierarchy. The only question is how you are going to set up the permissions, and how they interlink with each other.
In this article, we will explore Azure Files shares in depth, their permission structure, and how you can apply automation practices for consistency.
The First Line of Permissions — Azure RBAC
The first line of permissions in your Azure Files shares is Azure RBAC. In this sense, Azure RBAC allows the file share to be “shared”.
If none are set, none shall access.
When you look at the available built-in permissions around file shares in the Storage Account, you will notice Azure RBAC provides the following roles: