Set share-level permissions for all authenticated identities on a storageaccount #20957

Closed
1 task done
fmayerhof opened this issue Mar 15, 2023 · 5 comments · Fixed by #26924

@fmayerhof

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

When using an Azure file share with Active Directory integration, it's currently not possible to set up the default share-level permissions.
You can set up the permissions via Azure CLI at the moment; see the Microsoft docs:
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-cli

New or Affected Resource(s)/Data Source(s)

azurerm_storage_account

Potential Terraform Configuration

resource "azurerm_storage_account" "this" {
  name                      = "StorageName"
  resource_group_name       = var.rg_name
  location                  = var.location

  share_properties {
    retention_policy {
       days = 30
    }
    smb {
      versions                        = ["SMB3.1.1"]
      authentication_types            = ["Kerberos", "NTLMv2"]
      kerberos_ticket_encryption_type = ["RC4-HMAC", "AES-256"]
      channel_encryption_type         = ["AES-128-CCM", "AES-128-GCM", "AES-256-GCM"]
    }
    defaultSharePermission = "StorageFileDataSmbShareContributor"
  }
}

References

No response

@rob31231232

This comment was marked as off-topic.

@paulh-utilita

I would also like to add to this, especially given how long it's been without anything said further on this. This would be good to allow us to tie into on-prem Active Directory to then set the default permissions for use with FSLogix Profiles. Being able to set that via code would be a lifesaver for spinning up future VDI environments within Azure. Have there been any updates on this feature for the provider, given it is possible via other means (CLI and PowerShell)?

Thanks

@fmayerhof
Author

@paulh-utilita you can use the az CLI:
az storage account update --name ${azurerm_storage_account.name} --resource-group ${azurerm_resource_group.this.name} --default-share-permission "StorageFileDataSmbShareContributor"

@jaywithersbrewin

You could use azapi if you want to do it with Terraform whilst you wait for the feature to be implemented.
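
The azapi workaround mentioned above, as an added example that is not part of the original thread or the provider's own code. It assumes the azapi provider 1.x (string `body`), storage API version 2022-09-01, and a storage account that is already joined to AD DS; `storage_account_id` and `default_share_permission` are hypothetical variable names.

```hcl
terraform {
  required_providers {
    azapi = {
      source  = "Azure/azapi"
      version = "~> 1.0" # assumption: 1.x, where body is passed via jsonencode()
    }
  }
}

# Hypothetical input: resource ID of the existing storage account,
# e.g. azurerm_storage_account.this.id from the configuration in the issue.
variable "storage_account_id" {
  type = string
}

# Hypothetical input. The default share-level permission applies to every
# authenticated identity, so no default is set here: the caller must choose
# a role deliberately, and the narrowest one that works is preferable.
variable "default_share_permission" {
  type = string

  validation {
    condition = contains([
      "None",
      "StorageFileDataSmbShareReader",
      "StorageFileDataSmbShareContributor",
      "StorageFileDataSmbShareElevatedContributor",
    ], var.default_share_permission)
    error_message = "Must be None or one of the Storage File Data SMB Share roles."
  }
}

# Updates only the listed properties on the existing account; azapi merges
# this body with the account's current settings before sending the update.
resource "azapi_update_resource" "default_share_permission" {
  type        = "Microsoft.Storage/storageAccounts@2022-09-01"
  resource_id = var.storage_account_id

  body = jsonencode({
    properties = {
      azureFilesIdentityBasedAuthentication = {
        directoryServiceOptions = "AD" # assumption: on-prem AD DS, as in the thread
        defaultSharePermission  = var.default_share_permission
      }
    }
  })
}
```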


github-actions bot commented Sep 7, 2024

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 7, 2024