How can we improve Azure Storage?

Provide an actual "read-only" role for Azure File Service

The reader role available in RBAC doesn't really do what you think it'd do when applied to Azure File Service. A user with this role can't even see the Azure File Service when browsing the storage account.

As I understand it this is by design as the reader role works on Azure objects and not on files and folders.

What I need is a method that prevents users from accidentally deleting files or folders by giving them read-only access to the actual files and folders. I don't need fine-grained control over access to files and folders, just a straightforward method to prevent accidental deletion.

Perhaps this topic is for another part of the feedback forum, feel free to move it if that's the case.

74 votes
Martin Edelius shared this idea

Thank you for this feedback!

We’re working on or have shipped several features that we think will satisfy this request.

First, we have shipped the share snapshot feature, which enables you to protect a point-in-time for a file share. If a user were to delete a file, you can restore from the previous snapshot. To make this easier, Azure Backup will soon support scheduling share snapshots.

Second, and more to the specific ask in the initial post, we are working on AAD authentication and authorization for Azure file shares. When we ship this feature, you will have the ability to set share ACLs that prevent deletes or modifications.

Thanks,

Will Gries
Program Manager, Azure Files

2 comments

  • Anonymous commented

    It's Jan 2019 and still no progress on this issue. Seems like MS don't care about your data.

  • Anonymous commented

    Currently the reader role does not have permissions to view files on the Azure portal; a message saying access denied will pop up if a reader attempts to view files. Can the reader role be updated so it can view files on the Azure portal?
