AzCopy reports a cancelled job in JSON when uploading to a folder where you do not have write permissions

[MRayermannMSFT]

Which version of the AzCopy was used?

10.3.3

Which platform are you using? (ex: Windows, Mac, Linux)

Windows

What command did you run?

./azcopy login;
./azcopy.exe copy "C:\Users\myname\Downloads\file.pdf" "https://myaccount.dfs.core.windows.net/container/New%20Folder/file.pdf" --overwrite=prompt --follow-symlinks --recursive --from-to=LocalBlobFS --put-md5; --output-type=json`

What problem was encountered?

The final JSON status from AzCopy had a JobStatus of Cancelled:

{"TimeStamp":"2020-01-09T10:58:34.4403121-08:00","MessageType":"EndOfJob","MessageContent":"{\"ErrorMsg\":\"\",\"ActiveConnections\":0,\"CompleteJobOrdered\":true,\"JobStatus\":\"Cancelled\",\"TotalTransfers\":1...

How can we reproduce the problem in the simplest way?

Create a ADLS Gen2 container with the following folder structure:

container/
   New Folder/

Have a user who is given the following ACL permissions:

container/ r-x
   New Folder/ r-x

Have the user use AzCopy (after logging in) to upload a file to container/New Folder/.

Have you found a mitigation/solution?

No.

[JohnRusk]

(AzCopy team) Let's repro this and see what's happening.

[adreed-msft]

To be clear, this is without RBAC, and only using ACLs?

If so, it would make sense why write is failing. However, this is more down to how we fail from permissions issues.

TODO: Investigate if ACL related failures have a specific service code, or something identifiable, so we can determine whether or not to full error out.

[adreed-msft]

There is no special service code for this case. If we want to support this for ADLS Gen 2, special exemptions could be made that just causes this to fail transfers, but not the entire job. Alternatively, we could ask for a special service code.

@JohnRusk @zezha-msft thoughts?