Microsoft.Storage storageAccounts/localUsers

Bicep resource definition

The storageAccounts/localUsers resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/localUsers resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Storage/storageAccounts/localUsers@2023-05-01' = {
  parent: resourceSymbolicName
  name: 'string'
  properties: {
    allowAclAuthorization: bool
    extendedGroups: [
      int
    ]
    groupId: int
    hasSharedKey: bool
    hasSshKey: bool
    hasSshPassword: bool
    homeDirectory: 'string'
    isNFSv3Enabled: bool
    permissionScopes: [
      {
        permissions: 'string'
        resourceName: 'string'
        service: 'string'
      }
    ]
    sshAuthorizedKeys: [
      {
        description: 'string'
        key: 'string'
      }
    ]
  }
}

Property values

LocalUserProperties

| Name | Description | Value |
| --- | --- | --- |
| allowAclAuthorization | Indicates whether ACL authorization is allowed for this user. Set it to false to disallow using ACL authorization. | bool |
| extendedGroups | Supplementary group membership. Only applicable for local users enabled for NFSv3 access. | int[] |
| groupId | An identifier for associating a group of users. | int |
| hasSharedKey | Indicates whether shared key exists. Set it to false to remove existing shared key. | bool |
| hasSshKey | Indicates whether ssh key exists. Set it to false to remove existing SSH key. | bool |
| hasSshPassword | Indicates whether ssh password exists. Set it to false to remove existing SSH password. | bool |
| homeDirectory | Optional, local user home directory. | string |
| isNFSv3Enabled | Indicates if the local user is enabled for access with NFSv3 protocol. | bool |
| permissionScopes | The permission scopes of the local user. | PermissionScope[] |
| sshAuthorizedKeys | Optional, local user ssh authorized keys for SFTP. | SshPublicKey[] |

Microsoft.Storage/storageAccounts/localUsers

| Name | Description | Value |
| --- | --- | --- |
| name | The resource name | string. Constraints: Min length = 3, Max length = 3 (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: storageAccounts |
| properties | Storage account local user properties. | LocalUserProperties |

PermissionScope

| Name | Description | Value |
| --- | --- | --- |
| permissions | The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), Create (c), Modify Ownership (o), and Modify Permissions (p). | string (required) |
| resourceName | The name of resource, normally the container name or the file share name, used by the local user. | string (required) |
| service | The service used by the local user, e.g. blob, file. | string (required) |

SshPublicKey

| Name | Description | Value |
| --- | --- | --- |
| description | Optional. It is used to store the function/usage of the key | string |
| key | Ssh public key base64 encoded. The format should be: '<keyType> <keyData>', e.g. ssh-rsa AAAABBBB | string |

Quickstart samples

The following quickstart samples deploy this resource type.

| Bicep File | Description |
| --- | --- |
| Create Storage Account with SFTP enabled | Creates an Azure Storage account and a blob container that can be accessed using SFTP protocol. Access can be password or public-key based. |

ARM template resource definition

The storageAccounts/localUsers resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/localUsers resource, add the following JSON to your template.

{
  "type": "Microsoft.Storage/storageAccounts/localUsers",
  "apiVersion": "2023-05-01",
  "name": "string",
  "properties": {
    "allowAclAuthorization": "bool",
    "extendedGroups": [ "int" ],
    "groupId": "int",
    "hasSharedKey": "bool",
    "hasSshKey": "bool",
    "hasSshPassword": "bool",
    "homeDirectory": "string",
    "isNFSv3Enabled": "bool",
    "permissionScopes": [
      {
        "permissions": "string",
        "resourceName": "string",
        "service": "string"
      }
    ],
    "sshAuthorizedKeys": [
      {
        "description": "string",
        "key": "string"
      }
    ]
  }
}

Property values

LocalUserProperties

| Name | Description | Value |
| --- | --- | --- |
| allowAclAuthorization | Indicates whether ACL authorization is allowed for this user. Set it to false to disallow using ACL authorization. | bool |
| extendedGroups | Supplementary group membership. Only applicable for local users enabled for NFSv3 access. | int[] |
| groupId | An identifier for associating a group of users. | int |
| hasSharedKey | Indicates whether shared key exists. Set it to false to remove existing shared key. | bool |
| hasSshKey | Indicates whether ssh key exists. Set it to false to remove existing SSH key. | bool |
| hasSshPassword | Indicates whether ssh password exists. Set it to false to remove existing SSH password. | bool |
| homeDirectory | Optional, local user home directory. | string |
| isNFSv3Enabled | Indicates if the local user is enabled for access with NFSv3 protocol. | bool |
| permissionScopes | The permission scopes of the local user. | PermissionScope[] |
| sshAuthorizedKeys | Optional, local user ssh authorized keys for SFTP. | SshPublicKey[] |

Microsoft.Storage/storageAccounts/localUsers

| Name | Description | Value |
| --- | --- | --- |
| apiVersion | The api version | '2023-05-01' |
| name | The resource name | string. Constraints: Min length = 3, Max length = 3 (required) |
| properties | Storage account local user properties. | LocalUserProperties |
| type | The resource type | 'Microsoft.Storage/storageAccounts/localUsers' |

PermissionScope

| Name | Description | Value |
| --- | --- | --- |
| permissions | The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), Create (c), Modify Ownership (o), and Modify Permissions (p). | string (required) |
| resourceName | The name of resource, normally the container name or the file share name, used by the local user. | string (required) |
| service | The service used by the local user, e.g. blob, file. | string (required) |

SshPublicKey

| Name | Description | Value |
| --- | --- | --- |
| description | Optional. It is used to store the function/usage of the key | string |
| key | Ssh public key base64 encoded. The format should be: '<keyType> <keyData>', e.g. ssh-rsa AAAABBBB | string |
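
Added example (not part of the original reference or of any Microsoft tooling): a pre-deployment check, in Python, that reads the localUsers resources of an ARM template and reports settings a reviewer would question, using the property definitions above. The sample template, the names acct/etl and acct/ops, and the policy choices (flagging password and shared-key access and the o/p permissions) are assumptions of this example; only top-level resources with the full type string are inspected.

```python
import base64

LOCAL_USER_TYPE = "Microsoft.Storage/storageAccounts/localUsers"
KNOWN_PERMS = set("rwdlcop")  # letters the page lists for PermissionScope.permissions
ELEVATED_PERMS = set("op")    # assumption of this example: flag ownership/permission changes

# Constructed sample template (names and values are made up for this example).
SAMPLE_TEMPLATE = {"resources": [
    {"type": LOCAL_USER_TYPE, "name": "acct/etl", "properties": {
        "hasSshKey": True, "hasSshPassword": False, "hasSharedKey": False,
        "permissionScopes": [{"permissions": "rl", "service": "blob", "resourceName": "inbound"}],
        "sshAuthorizedKeys": [{"description": "etl host", "key": "ssh-rsa AAAABBBB"}]}},
    {"type": LOCAL_USER_TYPE, "name": "acct/ops", "properties": {
        "hasSshPassword": True, "hasSharedKey": True,
        "permissionScopes": [{"permissions": "rwdlcop", "service": "blob", "resourceName": "inbound"}],
        "sshAuthorizedKeys": [{"key": "ssh-rsa not*base64"}]}},
]}

def check_ssh_key(key):
    """Return a problem string, or None if key is '<keyType> <keyData>' with base64 data."""
    parts = key.split()
    if len(parts) < 2:
        return "key is not in '<keyType> <keyData>' form"
    try:
        base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return "keyData is not valid base64"
    return None

def audit_local_users(template):
    """Return (resource name, finding) pairs for top-level localUsers resources."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != LOCAL_USER_TYPE:
            continue
        name, props = res.get("name", "?"), res.get("properties", {})
        for flag in ("hasSshPassword", "hasSharedKey"):
            if props.get(flag) is True:
                findings.append((name, f"{flag} is true"))
        for scope in props.get("permissionScopes", []):
            perms = set(scope.get("permissions", ""))
            if perms - KNOWN_PERMS:
                findings.append((name, f"unknown permission letters on {scope.get('resourceName')}"))
            if perms & ELEVATED_PERMS:
                findings.append((name, f"o/p permission granted on {scope.get('resourceName')}"))
        for entry in props.get("sshAuthorizedKeys", []):
            if problem := check_ssh_key(entry.get("key", "")):
                findings.append((name, problem))
    return findings
```

Calling audit_local_users(SAMPLE_TEMPLATE) reports nothing for acct/etl and four findings for acct/ops.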

Quickstart templates

The following quickstart templates deploy this resource type.

| Template | Description |
| --- | --- |
| Create Storage Account with SFTP enabled | Creates an Azure Storage account and a blob container that can be accessed using SFTP protocol. Access can be password or public-key based. |

Terraform (AzAPI provider) resource definition

The storageAccounts/localUsers resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/localUsers resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Storage/storageAccounts/localUsers@2023-05-01"
  name = "string"
  body = jsonencode({
    properties = {
      allowAclAuthorization = bool
      extendedGroups = [
        int
      ]
      groupId = int
      hasSharedKey = bool
      hasSshKey = bool
      hasSshPassword = bool
      homeDirectory = "string"
      isNFSv3Enabled = bool
      permissionScopes = [
        {
          permissions = "string"
          resourceName = "string"
          service = "string"
        }
      ]
      sshAuthorizedKeys = [
        {
          description = "string"
          key = "string"
        }
      ]
    }
  })
}

Property values

LocalUserProperties

| Name | Description | Value |
| --- | --- | --- |
| allowAclAuthorization | Indicates whether ACL authorization is allowed for this user. Set it to false to disallow using ACL authorization. | bool |
| extendedGroups | Supplementary group membership. Only applicable for local users enabled for NFSv3 access. | int[] |
| groupId | An identifier for associating a group of users. | int |
| hasSharedKey | Indicates whether shared key exists. Set it to false to remove existing shared key. | bool |
| hasSshKey | Indicates whether ssh key exists. Set it to false to remove existing SSH key. | bool |
| hasSshPassword | Indicates whether ssh password exists. Set it to false to remove existing SSH password. | bool |
| homeDirectory | Optional, local user home directory. | string |
| isNFSv3Enabled | Indicates if the local user is enabled for access with NFSv3 protocol. | bool |
| permissionScopes | The permission scopes of the local user. | PermissionScope[] |
| sshAuthorizedKeys | Optional, local user ssh authorized keys for SFTP. | SshPublicKey[] |

Microsoft.Storage/storageAccounts/localUsers

| Name | Description | Value |
| --- | --- | --- |
| name | The resource name | string. Constraints: Min length = 3, Max length = 3 (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: storageAccounts |
| properties | Storage account local user properties. | LocalUserProperties |
| type | The resource type | "Microsoft.Storage/storageAccounts/localUsers@2023-05-01" |

PermissionScope

| Name | Description | Value |
| --- | --- | --- |
| permissions | The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), Create (c), Modify Ownership (o), and Modify Permissions (p). | string (required) |
| resourceName | The name of resource, normally the container name or the file share name, used by the local user. | string (required) |
| service | The service used by the local user, e.g. blob, file. | string (required) |

SshPublicKey

| Name | Description | Value |
| --- | --- | --- |
| description | Optional. It is used to store the function/usage of the key | string |
| key | Ssh public key base64 encoded. The format should be: '<keyType> <keyData>', e.g. ssh-rsa AAAABBBB | string |