AdamS-MSFT
commented
5 years ago @MoRMongol Thanks for the feedback! I have assigned the issue to the content author to evaluate and update as appropriate.
Closed MoRMongol closed 5 years ago
AdamS-MSFT
commented
5 years ago @MoRMongol Thanks for the feedback! I have assigned the issue to the content author to evaluate and update as appropriate.
roygara
commented
5 years ago @MoRMongol Thanks for reaching out, in order to better direct/help you would you clarify your situation more?
Are these users deleting a folder in your local environment? Are you trying to establish an access control method that is local to your environment or inside Azure itself?
Also, when you refer to a folder, are you referring to the file share itself or a folder in the file share?
It sounds like you're trying to establish an access control method, which doesn't work quite like you described. Is this what you're trying to achieve? https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-enable
MoRMongol
commented
5 years ago @roygara Thanks for your response. Let me clarify it if I can. If you know how "Exavault" works, it'll be very easy to understand. The following scenario is what we're trying to resolve with Azure.
Let's say, I own this 3d design company. We make 3d models for our customers. We create this online shared folder for a certain customer only. Let's say it's a phone case making company called "Smart Case LLC". It must be on a secure place where only "Smart Case LLC" has access to. Of course, "Smart Case LLC" and we are not in the same domain nor network so the environment would have to be solely based on the internet. Thus we're not talking about any kind of Active Directory. "Smart Case LLC" would upload their design sketch to this shared folder and we'd download and see it and make the model and upload it to the same folder and they'd download and use it to make a new phone case.
roygara
commented
5 years ago @MoRMongol Thank you for clarifying, there's actually a few separate ways you can setup an environment that will achieve what you're looking for. They're each very much contextual though, as in it depends on what specific needs you have. Would you email AzureFiles@microsoft.com for a more direct engagement so that we can work with you to find the one best suited to your particular needs?
MoRMongol
commented
5 years ago @roygara Can you just direct me on one of those separate ways you are talking about? Can it be done via Azure File Share or no? If not, what's one way you would suggest? I've been bouncing too many times between Microsoft representatives.
roygara
commented
5 years ago @MoRMongol As far as I know, none of them are documented. But to answer your question: It can be done using an Azure File Share, there are a variety of configurations utilizing a File share though, and which one makes the most sense to you is highly contextualized. You will be much better off emailing that dlist, it's a much more direct line and our Files product team is on it, so you shouldn't be bounced around. They should work with you to help find a configuration that works best for you.
MoRMongol
commented
5 years ago @roygara Thank you so much for your guidance here. I have already emailed the Files product team directly and am looking forward to their response. I am eager to learn whichever way that works. If, for some reason whether it be high volume of requests or workload that the Files team has, they don't respond, would you be able to help me with it? For example, you can just snip your screen of the steps to make the permission work on Files. Personally, I use that a lot to prepare tutorials and it doesn't take too long. With pictures, like the idiom goes, they can speak 1000 words themselves, right? Again, really appreciate your help.
roygara
commented
5 years ago @MoRMongol Of course, I'm happy to help any way that I can. :)
In this case though, I'm afraid it would take more than a few screenshots. The way I know involves utilizing another tool in combination with your file share. Basically using Azure Storage Explorer to generate a SAS key with limited permissions (no delete, in your case) for your file share and giving that to your customer. Then having them use the SAS key to authenticate to your file share on their own copy of azure storage explorer. This will grant them read/write only access, without delete. Then having them upload and inform you when they've completed the upload so you can manually force a sync (or wait 24 hours for the automated sync). For some obvious reasons this might not be the ideal solution for you, and the solution suggested in the thread might already be better for you.
In any case, I asked a colleague to add me to the email thread just to ensure things continue smoothly for you. Please feel free to engage with us through the email and we'll do our best to help you. I'll be closing this issue out accordingly, since GitHub issues is really meant for documentation support and not product support/engagement.
As far as I know, permissions on Access Policy don't work. I tried setting only "Read" permission on a folder but anyone could delete it. Azure File Sync connects to File Share. So I assume it inherits permissions from the storage account? I'm struggling to find an answer on this one, please help. Thanks in advance
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.