Share via

Does MSFT support exact set-acl capabilities between UI, PS and Rest API for ANF Volumes?

Robert Garlington 5 Reputation points
2024-10-08T22:03:54.67+00:00

We are getting an error when we try to use PowerShell to set ACL on our ANF volume. UI works, but there seems to be some additional intelligence being used because it maps the SID to the AAD user instead of the CT\User domain user. Is there a way or mechanism via PowerShell code that we can utilize to manage the ACL for the ANF volume?

Azure NetApp Files
Azure NetApp Files
An Azure service that provides enterprise-grade file shares powered by NetApp.
93 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,552 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sumarigo-MSFT 46,286 Reputation points Microsoft Employee
    2024-10-09T04:18:54.3533333+00:00

    @Robert Garlington Welcome to Microsoft Q&A Forum , Thank you for posting your query here!

    Can you please share the screenshot of the error message?
    Could you clarify if it's an SMB or NFS volume?

    To set ACLs for Azure NetApp Files volumes using PowerShell, you can follow these steps. This process involves using the Set-Acl cmdlet to manage the access control lists for your ANF volumes.

    Connect to Azure: First, ensure you are connected to your Azure account.

    Connect-AzAccount

    Retrieve the ANF Volume: Get the details of the ANF volume you want to set ACLs for.

    $anfVolume = Get-AzNetAppFilesVolume -ResourceGroupName "<ResourceGroupName>" -AccountName "<AccountName>" -PoolName "<PoolName>" -VolumeName "<VolumeName>"

    Retrieve the Current ACL: Get the current ACL for the volume.

    $acl = Get-Acl -Path $anfVolume.MountPath

    Create a New Access Rule: Create a new access rule for the user or group you want to grant permissions to.

    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("<UserOrGroup>", "FullControl", "Allow")

    Apply the Access Rule: Add the new access rule to the ACL.

    $acl.SetAccessRule($accessRule)

    Set the Updated ACL: Apply the updated ACL to the volume.

    Set-Acl -Path $anfVolume.MountPath -AclObject $acl

    This process should help you manage ACLs for your ANF volumes using PowerShell.

    Setting NTFS ACL permission via the ONTAP PowerShell module

    Note: Azure NetApp Files doesn't support windows audit ACLs. Azure NetApp Files ignores any audit ACL applied to files or directories hosted on Azure NetApp Files volumes.

    The other option is you can try from client VMs, Usually we perform ACL operation through client VMs
    Configure access control lists on NFSv4.1 volumes for Azure NetApp Files: https://zcusa.951200.xyz/en-us/azure/azure-netapp-files/configure-access-control-lists

    Manage SMB share ACLs in Azure NetApp Files:
    https://zcusa.951200.xyz/en-us/azure/azure-netapp-files/manage-smb-share-access-control-lists

    Please let us know if you have any further queries. I’m happy to assist you further.     

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.