azure-storage azure-rbac

list ACL for storage


I want to list the access that was provided on storage via ACL.

Is there an API solution for this?

I want to list all entities (AD group, Service Principal, etc.), like the one marked in green, that have access to storage via ACLs.

The idea is to create an audit platform which can list all access that is provided via ACL.


I tried Path, as suggested in one of the comments. "x-ms-acl" is missing in the response (refer to screenshot).

After changing blob to "dfs" in blob, it worked.


Solution

  • The API you would want to use is Path - Get Properties with the action query parameter set to getAccessControl. This should return the ACL in the x-ms-acl response header.

    You will need to use DFS endpoint (instead of blob endpoint).

    If you are using Azure.Storage.Files.DataLake (.NET SDK for Azure DataLake), the method you would want to use is DataLakeDirectoryClient.GetAccessControlAsync.
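For the audit use case in the question, the x-ms-acl value still has to be turned into a list of principals. The sketch below is an added example, not code from the question or the answer: it builds the DFS request URL and parses the header into entries with their mask-limited permissions. The function names, the account name used in testing and the sample header with placeholder GUIDs are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import quote, urlsplit

# Constructed sample x-ms-acl value; the GUIDs are placeholders, not real object IDs.
SAMPLE_ACL = ("user::rwx,user:11111111-1111-1111-1111-111111111111:r-x,group::r-x,"
              "group:22222222-2222-2222-2222-222222222222:rwx,mask::r-x,other::---,"
              "default:user::rwx,default:group::r-x,default:mask::r-x,default:other::---")

@dataclass(frozen=True)
class AclEntry:
    default: bool     # True for a default ACL entry (template for new children)
    kind: str         # user, group, mask or other
    principal: str    # object ID; empty for owner, owning group, mask and other
    permissions: str  # e.g. "r-x"

def acl_url(account_url, filesystem, path):
    """URL for the HEAD Path - Get Properties call with action=getAccessControl."""
    # ACLs are returned by the DFS endpoint only, so swap a blob host for it.
    host = urlsplit(account_url).netloc.replace(".blob.", ".dfs.", 1)
    return f"https://{host}/{quote(filesystem)}/{quote(path)}?action=getAccessControl"

def parse_acl(header):
    """Parse an x-ms-acl value: comma-separated [scope:]type:id:permissions."""
    entries = []
    for raw in filter(None, (part.strip() for part in header.split(","))):
        fields = raw.split(":")
        default = fields[0] == "default"
        if default:
            fields = fields[1:]
        if len(fields) != 3 or fields[0] not in {"user", "group", "mask", "other"}:
            raise ValueError(f"unexpected ACL entry: {raw!r}")
        entries.append(AclEntry(default, *fields))
    return entries

def effective(entry, entries):
    """Permissions after the mask, which caps named users, named groups and the owning group."""
    mask = next((e.permissions for e in entries
                 if e.kind == "mask" and e.default == entry.default), None)
    capped = entry.kind == "group" or (entry.kind == "user" and entry.principal)
    if mask is None or not capped:
        return entry.permissions
    return "".join(p if p == m else "-" for p, m in zip(entry.permissions, mask))

def audit(header):
    """(object ID, type, scope, effective permissions) for every named principal."""
    entries = parse_acl(header)
    return [(e.principal, e.kind, "default" if e.default else "access", effective(e, entries))
            for e in entries if e.principal]
```

Service principals appear as `user` entries keyed by object ID, so resolving each ID to a display name is a separate directory lookup.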