az storage fs access

Manage file system access and permissions for Azure Data Lake Storage Gen2 account.

Commands

az storage fs access set

Set the access control properties of a path(directory or file) in Azure Data Lake Storage Gen2 account.

az storage fs access show

Show the access control properties of a path (directory or file) in Azure Data Lake Storage Gen2 account.

az storage fs access set

Set the access control properties of a path(directory or file) in Azure Data Lake Storage Gen2 account.

az storage fs access set --file-system
                         --path
                         [--account-key]
                         [--account-name]
                         [--acl]
                         [--auth-mode {key, login}]
                         [--connection-string]
                         [--group]
                         [--owner]
                         [--permissions]
                         [--sas-token]
                         [--subscription]

Examples

Set the access control list of a path.

az storage fs access set --acl "user::rwx,group::r--,other::---" -p dir -f myfilesystem --account-name mystorageaccount --account-key 0000-0000

Set permissions of a path.

az storage fs access set --permissions "rwxrwx---" -p dir -f myfilesystem --account-name mystorageaccount --account-key 0000-0000

Set owner of a path.

az storage fs access set --owner example@microsoft.com -p dir -f myfilesystem --account-name mystorageaccount --account-key 0000-0000

Set owning group of a path.

az storage fs access set --group 68390a19-a897-236b-b453-488abf67b4dc -p dir -f myfilesystem --account-name mystorageaccount --account-key 0000-0000

Required Parameters

--file-system -f

File system name.

--path -p

The path to a file or directory in the specified file system.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.

--acl

Invalid in conjunction with acl. POSIX access control rights on files and directories in the format "[scope:][type]:[id]:[permissions]". e.g. "user::rwx,group::r--,other::---,mask::rwx".

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

accepted values: key, login
--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--group

The owning group of the file or directory. The group Azure Active Directory object ID or user principal name to set as the owning group. For more information, please refer to https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control#changing-the-owning-group.

--owner

The owning user of the file or directory. The user Azure Active Directory object ID or user principal name to set as the owner. For more information, please refer to https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control#the-owning-user.

--permissions

Invalid in conjunction with acl. POSIX access permissions for the file owner, the file owning group, and others. Each class may be granted read(r), write(w), or execute(x) permission. Both symbolic (rwxrw-rw-) and 4-digit octal notation (e.g. 0766) are supported.'.

--sas-token

A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az storage fs access show

Show the access control properties of a path (directory or file) in Azure Data Lake Storage Gen2 account.

az storage fs access show --file-system
                          --path
                          [--account-key]
                          [--account-name]
                          [--auth-mode {key, login}]
                          [--connection-string]
                          [--query-examples]
                          [--sas-token]
                          [--subscription]

Examples

Show the access control properties of a path.

az storage fs access show -p dir -f myfilesystem --account-name myadlsaccount --account-key 0000-0000

Required Parameters

--file-system -f

File system name.

--path -p

The path to a file or directory in the specified file system.

Optional Parameters

--account-key

Storage account key. Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_KEY.

--account-name

Storage account name. Related environment variable: AZURE_STORAGE_ACCOUNT. Must be used in conjunction with either storage account key or a SAS token. If neither are present, the command will try to query the storage account key using the authenticated Azure account. If a large number of storage commands are executed the API quota may be hit.

--auth-mode

The mode in which to run the command. "login" mode will directly use your login credentials for the authentication. The legacy "key" mode will attempt to query for an account key if no authentication parameters for the account are provided. Environment variable: AZURE_STORAGE_AUTH_MODE.

accepted values: key, login
--connection-string

Storage account connection string. Environment variable: AZURE_STORAGE_CONNECTION_STRING.

--query-examples

Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.

--sas-token

A Shared Access Signature (SAS). Must be used in conjunction with storage account name. Environment variable: AZURE_STORAGE_SAS_TOKEN.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.