Instead of using a single storage container for all users, create a separate container for each user. This isolates each user's data and notebooks at the storage level.
Assign Azure RBAC roles to users with the principle of least privilege. For example, assign the "Storage Blob Data Reader" role to users for containers they should have read access to, and "Storage Blob Data Contributor" for write access.
Use a VM or any other Azure resource that can mount the Azure Files share, then set ACLs on the directories within the mounted storage to control read/write access at the directory level.
Create custom roles that combine RBAC and ACL permissions tailored to your needs. This way, you can fine-tune the permissions to ensure users can only perform actions within their directories.
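The first two recommendations above (one container per user, role assigned with least privilege) can be scripted with the Azure CLI. The sketch below is an added example, not part of the original text: it prints the commands rather than running them, and the subscription ID, resource group, storage account and user names are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: print (not run) the Azure CLI commands that give each user
# a private container with a role assignment scoped to that container only.
# SUB, RG, ACCOUNT and the user list are constructed placeholders.
SUB="00000000-0000-0000-0000-000000000000"
RG="rg-notebooks"
ACCOUNT="stnotebooks"

# Container names: 3-63 chars, lowercase letters, digits and single hyphens,
# starting and ending with a letter or digit.
valid_container_name() {
  local n="$1"
  [ "${#n}" -ge 3 ] && [ "${#n}" -le 63 ] || return 1
  case "$n" in
    *--*|-*|*-) return 1 ;;
    *[!a-z0-9-]*) return 1 ;;
  esac
  return 0
}

# ARM scope of a single blob container; assigning here, not on the storage
# account, is what keeps one user out of another user's container.
container_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s/blobServices/default/containers/%s' \
    "$SUB" "$RG" "$ACCOUNT" "$1"
}

# plan_user <container> <assignee> <ro|rw>: emit the two commands for one user.
plan_user() {
  local container="$1" assignee="$2" mode="$3" role
  valid_container_name "$container" || { echo "invalid container name: $container" >&2; return 1; }
  case "$mode" in
    ro) role="Storage Blob Data Reader" ;;
    rw) role="Storage Blob Data Contributor" ;;
    *)  echo "mode must be ro or rw" >&2; return 1 ;;
  esac
  printf 'az storage container create --name %s --account-name %s --auth-mode login\n' "$container" "$ACCOUNT"
  printf 'az role assignment create --assignee %s --role "%s" --scope "%s"\n' \
    "$assignee" "$role" "$(container_scope "$container")"
}

# Constructed sample users: container, sign-in name, access mode.
plan_user user-alice alice@example.com rw
plan_user user-bob   bob@example.com   ro
```

Review the printed commands before running them; a role assigned at the storage-account scope instead of the container scope would give every user access to every container.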