Hello Pankaj Joshi,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
I understand that you have a challenge with your container which inherit RBAC role "storage data contributor" from parent and cannot be removed.
Regarding your questions:
How can I make file or container read only? Is it possible by ACL or any other option?
Yes, it is possible with ACL. You can the container read-only despite the inherited "Storage Blob Data Contributor" role, by using Access Control Lists (ACLs) to override the inherited permissions. Also, as an option, you can use Azure rbac as well as ACL. https://learn.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access and https://learn.microsoft.com/en-us/azure/storage/blobs/storage-auth-abac
You can follow the below guides to achieve read-only implementation using Azure CLI or this YouTube link https://youtu.be/hjaP7u5d0x8 for more details on configurations and Azure Storage Explorer.
# Set ACLs on the File
az storage fs access set --acl "user::r--,group::r--,other::r--" --path <file-path> --account-name <storage-account-name> --file-system <container-name>
# Set ACLs on the Container
az storage fs access set --acl "user::r-x,group::r-x,other::r-x" --path <container-name> --account-name <storage-account-name> --file-system <container-name>
# Use Azure Attribute-Based Access Control (ABAC)
az role assignment create --role "Storage Blob Data Reader" --assignee <user-principal-name> --scope /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container-name>
NOTE: Run the code one after the other and provide appropriate information for everything in a angle bracket < -- >.
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.
Best Regards,
Sina Salam