Azure文件存储访问控制 [英] Azure file storage access control

问题描述

是否有Azure解决方案，我可以将文件存储在文件系统（如Azure文件存储）中，但也可以：

i）允许我域中的其他AzureAD用户在Windows资源管理器中以只读方式挂载文件系统

ii）允许非Azure用户（例如运行R的非Microsoft云服务器脚本）以只读或读/写方式挂载文件系统？

我很难在Azure文件存储中使用它。我可以在访问控制（IAM）中添加其他用户作为读取角色。但是，如果他们想使用SMB挂载fs，那么就我所见，访问密钥将为他们提供完全访问权限。这是正确的吗？

此外，我可以使用共享访问签名访问单个文件，但是即使Azure门户让我复制一个文件夹也无法访问文件夹。

解决方案

嗨塞缪尔，你好b
$ b我们刚刚宣布与Azure Active Directory集成的预览域名服务（AAD DS）。如果您按照

配置Azure文件的说明AAD DS ，您可以为个人用户提供只读共享权限，就像在Windows Server上一样。



希望这会有所帮助！



谢谢，



Will Gries

Azure文件管理员

Is there an Azure solution where I can store files in a filesystem (like Azure File Storage) but can also:

i) allow other AzureAD users in my domain to mount the filesystem in Windows Explorer as read-only

ii) allow non-Azure users (e.g. a non-Microsoft cloud server running an R script) to mount the filesystem in either read-only or read/write?

I'm struggling to make this work with Azure File Storage. I can add other users as read roles in Access Control (IAM). However, if they want to mount the fs using SMB the access key will give them full access as far as I can see. Is this correct?

Also, I can access individual files using Shared Access Signature but can't seem to do it for folders even though the Azure portal let's me copy one.

解决方案

Hi Samuel,

We just announced the preview of integration with Azure Active Directory Domain Services (AAD DS). If you follow the instructions for configuring Azure Files with AAD DS, you can give individual users read-only share permissions, just like you would on Windows Server.

Hope this helps!

Thanks,

Will Gries
Program Manager, Azure Files

这篇关于Azure文件存储访问控制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！