Provide an actual "read-only" role for Azure File Service
The reader role available in RBAC doesn't really do what you think it'd do when applied to Azure File Service. A user with this role can't even see the Azure File Service when browsing the storage account.
As I understand it, this is by design, as the reader role works on Azure objects and not on files and folders.
What I need is a method that prevents users from accidentally deleting files or folders by giving them read-only access to the actual files and folders. I don't need fine-grained control over access to files and folders, just a straightforward method to prevent accidental deletion.
Perhaps this topic is for another part of the feedback forum; feel free to move it if that's the case.
Thank you for this feedback!
We’re working on or have shipped several features that we think will satisfy this request.
First, we have shipped the share snapshot feature, which enables you to protect a point-in-time for a file share. If a user were to delete a file, you can restore from the previous snapshot. To make this easier, Azure Backup will soon support scheduling share snapshots.
Second, and more to the specific ask in the initial post, we are working on AAD authentication and authorization for Azure file shares. When we ship this feature, you will have the ability to set share ACLs that prevent deletes or modifications.
Program Manager, Azure Files
It's Jan 2019 and still no progress on this issue. Seems like MS don't care about your data.
Currently the reader role does not have permissions to view files on the Azure portal; a message saying access denied will pop up if a reader attempts to view files. Can the reader role be updated so it can view files on the Azure portal?