How to allow RENAME operation to a local SFTP user in Storage Account?

11-4688 111 Reputation points
2024-06-01T15:00:03.14+00:00

I have created an Azure SA, a container, enabled SFTP and created a local user with list, write, read permissions. The user is able to create a folder, a file, to modify the file content but can not rename the file. Will adding delete and / or create permissions solve this issue?

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,909 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,614 questions
0 comments
Accepted answer
  1. Anand Prakash Yadav 7,780 Reputation points Microsoft Vendor
    2024-06-03T11:36:17.7+00:00

    Hello 11-4688,

    Thank you for posting your query here!

    When a user is unable to rename a file, it’s essential to check the specific permissions related to renaming (also known as “move” or “rename” operations).

    Renaming a file involves both deleting the original file and creating a new file with the desired name. Therefore, permissions related to both delete and create operations are relevant.

    To allow a user to rename files within an Azure Storage container, you need to ensure the following permissions:

    · Delete Permission: The user should have the permission to delete the original file (the one being renamed).

    · Create Permission: The user should have the permission to create a new file (with the desired name) in the same container.

    · Additionally, the user should have read and write permissions to modify the file content (which you’ve already granted).

    Do let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sina Salam 7,201 Reputation points
    2024-06-02T15:51:26.6733333+00:00

    Hello 11-4688,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    Problem

    I understand that you can create folders and files, modify file content, but cannot rename files. The user is querying whether adding delete and/or create permissions would solve the issue of being unable to rename files.

    Solution

    To resolve the issue of not being able to rename files in the Azure Storage Account (SA) with SFTP enabled, follow these steps to add the necessary permissions. Below is a detailed step-by-step guide including any necessary code, all necessary configurations must have been observed.

    Adding the delete and create permissions should enable the user to rename files, as these permissions are required to perform the underlying operations involved in renaming.

    However, in the permissions configuration for the local user, ensure that delete and create permissions are checked in addition to the existing list, write, and read permissions.

    After you must have login-in to your Azure SA using Azure CLI. Use the 'az storage account local-user update' command to update the permissions for the local user. Replace the placeholders with your actual values.

    az storage account local-user update --resource-group <ResourceGroupName> \
  --account-name <StorageAccountName> --username <LocalUserName> \
  --permissions rwdlc
    • r stands for read.

    w stands for write.

    d stands for delete.

    l stands for list.

    c stands for create

    View the permission and ensure it's allocated appropriately by using: 

    az storage account local-user show --resource-group <ResourceGroupName> \
  --account-name <StorageAccountName> --username <LocalUserName>

    If the permission is Okay. Try again to rename.

    Accept Answer

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.

    ** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.

    Best Regards,

    Sina Salam

    0 comments