I have an Azure storage account with SFTP enabled. I have multiple containers with one user for each container with permissions to only that container.
I would like to also have a user with access to all containers.
I know it is possible to do so in the Azure portal. I, however, need to be able to do it from PowerShell.
I see two possible options: Either by having a permission scope that simply gives the user permissions to everything including new containers when they are added or by adding to the existing permissions when a new container is added.
I have tried using the New-AzStorageLocalUserPermissionScope function from the Az module. With this function, though, I can (AFAIK) only specify one container to give permissions to.
If update a user with a new permission scope with the Set-AzStorageLocalUser function it overwrites the existing permission.
2
Answers
I was able to create a solution by appending permission scopes as suggested by Jahnavi.
Creating and appending the permission scopes one by one every time I update the user is not a possibility, though, as I will only have the information on the container that should be added to the permissions. My solution is to save the permission scope as a JSON-file. Every time I need to add a permission I do the following:
Here is the code I use:
As you said, updating a user with a new permission scope with the
Set-AzStorageLocalUser
function overwrites the existing permission scope every time.So after a workaround on this, I found a way by generating a SAS token for the storage account using
New-AzStorageAccountSASToken
cmdlet. Then the token helps to grant access to all containers in the storage account.Below is the script which I tried to generate a SAS token and then used that SAS token to grant access to the other storage accounts.
Output:
Alternatively:-
I tried using the
NewAzStorageLocalUserPermissionScope
andSet-AzStorageLocalUser
commands and it worked as follows:Steps followed:
Script:
Output: