I am running the command "az storage share-rm delete" to delete a specific snapshot. It works perfectly when I manually run it on the Windows PowerShell terminal. It also works fine if I automate the command to run via a Task Scheduler job. The job works fine only if I run it with my personal user id. It does not work if I run it with a service account. The service account has the same level of permissions as my personal account. Would it be possible to delete the snapshots with a service account or can we only delete the snapshots with our personal accounts? Does the service account have to be an interactive service account only?
We tried running the Task Scheduler job via service account but it does not delete the snapshots.
2 Answers
Thank you for your response.
I changed the command from
az storage share-rm delete --ids /subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.Storage/storageAccounts/xxx/fileServices/default/shares/xxx --snapshot
to
az storage share delete --name xxx --account-key xxx --account-name xxxx --snapshot xxx
After that, I was able to delete the snapshots using the service account. I didn't have to change the permissions. The task scheduler is running fine and snapshots are deleted as per the schedule.
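A wrapper for the scheduled task built around the `az storage share delete` form above, as an added example that is not part of the original answer. It lets the Azure CLI read the key from the `AZURE_STORAGE_KEY` environment variable instead of passing `--account-key` in the task's command line, and it logs the exit code and CLI output so a failure under the service account leaves a record. The script name, log path, parameter names and the way the key is provisioned for the service account are assumptions.

```powershell
# Remove-ShareSnapshot.ps1 (hypothetical name): added example, not code from the original post.
param(
    [Parameter(Mandatory)] [string] $AccountName,  # storage account name (xxxx in the post)
    [Parameter(Mandatory)] [string] $ShareName,    # file share name (xxx in the post)
    [Parameter(Mandatory)] [string] $Snapshot,     # snapshot timestamp to delete
    [string] $LogPath = "$env:ProgramData\SnapshotCleanup\cleanup.log"  # assumed location
)

New-Item -ItemType Directory -Force -Path (Split-Path $LogPath) | Out-Null

function Write-Log([string] $Message) {
    # Record which identity the task actually ran as; useful when comparing
    # a personal account with a service account.
    '{0:o} [{1}\{2}] {3}' -f (Get-Date), $env:USERDOMAIN, $env:USERNAME, $Message |
        Add-Content -Path $LogPath
}

# Assumption: the key has been provisioned into this account's environment.
# az uses AZURE_STORAGE_KEY when --account-key is omitted, so the key does not
# appear in the Task Scheduler action or in the process command line.
if (-not $env:AZURE_STORAGE_KEY) {
    Write-Log 'AZURE_STORAGE_KEY is not set for this account; nothing deleted.'
    exit 2
}

# The CLI may be on PATH for an interactive user but not for the service account.
if (-not (Get-Command az -ErrorAction SilentlyContinue)) {
    Write-Log 'az was not found on PATH for this account; nothing deleted.'
    exit 3
}

# Capture stdout and stderr as text so the log shows what the CLI reported.
$output = & az storage share delete `
    --name $ShareName `
    --account-name $AccountName `
    --snapshot $Snapshot `
    --only-show-errors 2>&1 | ForEach-Object { "$_" }
$code = $LASTEXITCODE

if ($code -ne 0) {
    Write-Log "Delete of snapshot $Snapshot on share $ShareName failed (exit $code): $($output -join ' ')"
    exit $code
}

Write-Log "Deleted snapshot $Snapshot on share $ShareName. $($output -join ' ')"
exit 0
```

The non-zero exit codes surface as the task's last run result in Task Scheduler, so a silent failure under the service account becomes visible there as well as in the log.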
The issue you’re facing with the service account could be due to missing or insufficient permissions. Ensure the service account has the necessary role assignments, like the "Storage Blob Data Contributor" role at the storage account level.