Microsoft.Storage storageAccounts/localUsers

Bicep resource definition

The storageAccounts/localUsers resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/localUsers resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Storage/storageAccounts/localUsers@2023-05-01' = {
  name: 'string'
  parent: resourceSymbolicName
  properties: {
    allowAclAuthorization: bool
    extendedGroups: [
      int
    ]
    groupId: int
    hasSharedKey: bool
    hasSshKey: bool
    hasSshPassword: bool
    homeDirectory: 'string'
    isNFSv3Enabled: bool
    permissionScopes: [
      {
        permissions: 'string'
        resourceName: 'string'
        service: 'string'
      }
    ]
    sshAuthorizedKeys: [
      {
        description: 'string'
        key: 'string'
      }
    ]
  }
}

Property values

storageAccounts/localUsers

Name Description Value
name The resource name

See how to set names and types for child resources in Bicep.
string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: storageAccounts
properties Storage account local user properties. LocalUserProperties

LocalUserProperties

Name Description Value
allowAclAuthorization Indicates whether ACL authorization is allowed for this user. Set it to false to disallow using ACL authorization. bool
extendedGroups Supplementary group membership. Only applicable for local users enabled for NFSv3 access. int[]
groupId An identifier for associating a group of users. int
hasSharedKey Indicates whether shared key exists. Set it to false to remove existing shared key. bool
hasSshKey Indicates whether ssh key exists. Set it to false to remove existing SSH key. bool
hasSshPassword Indicates whether ssh password exists. Set it to false to remove existing SSH password. bool
homeDirectory Optional, local user home directory. string
isNFSv3Enabled Indicates if the local user is enabled for access with NFSv3 protocol. bool
permissionScopes The permission scopes of the local user. PermissionScope[]
sshAuthorizedKeys Optional, local user ssh authorized keys for SFTP. SshPublicKey[]

PermissionScope

Name Description Value
permissions The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), Create (c), Modify Ownership (o), and Modify Permissions (p). string (required)
resourceName The name of resource, normally the container name or the file share name, used by the local user. string (required)
service The service used by the local user, e.g. blob, file. string (required)

SshPublicKey

Name Description Value
description Optional. It is used to store the function/usage of the key string
key Ssh public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. ssh-rsa AAAABBBB string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create Storage Account with SFTP enabled

Deploy to Azure
Creates an Azure Storage account and a blob container that can be accessed using SFTP protocol. Access can be password or public-key based.

ARM template resource definition

The storageAccounts/localUsers resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/localUsers resource, add the following JSON to your template.

{
  "type": "Microsoft.Storage/storageAccounts/localUsers",
  "apiVersion": "2023-05-01",
  "name": "string",
  "properties": {
    "allowAclAuthorization": "bool",
    "extendedGroups": [ "int" ],
    "groupId": "int",
    "hasSharedKey": "bool",
    "hasSshKey": "bool",
    "hasSshPassword": "bool",
    "homeDirectory": "string",
    "isNFSv3Enabled": "bool",
    "permissionScopes": [
      {
        "permissions": "string",
        "resourceName": "string",
        "service": "string"
      }
    ],
    "sshAuthorizedKeys": [
      {
        "description": "string",
        "key": "string"
      }
    ]
  }
}

Property values

storageAccounts/localUsers

Name Description Value
type The resource type 'Microsoft.Storage/storageAccounts/localUsers'
apiVersion The resource api version '2023-05-01'
name The resource name

See how to set names and types for child resources in JSON ARM templates.
string (required)
properties Storage account local user properties. LocalUserProperties

LocalUserProperties

Name Description Value
allowAclAuthorization Indicates whether ACL authorization is allowed for this user. Set it to false to disallow using ACL authorization. bool
extendedGroups Supplementary group membership. Only applicable for local users enabled for NFSv3 access. int[]
groupId An identifier for associating a group of users. int
hasSharedKey Indicates whether shared key exists. Set it to false to remove existing shared key. bool
hasSshKey Indicates whether ssh key exists. Set it to false to remove existing SSH key. bool
hasSshPassword Indicates whether ssh password exists. Set it to false to remove existing SSH password. bool
homeDirectory Optional, local user home directory. string
isNFSv3Enabled Indicates if the local user is enabled for access with NFSv3 protocol. bool
permissionScopes The permission scopes of the local user. PermissionScope[]
sshAuthorizedKeys Optional, local user ssh authorized keys for SFTP. SshPublicKey[]

PermissionScope

Name Description Value
permissions The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), Create (c), Modify Ownership (o), and Modify Permissions (p). string (required)
resourceName The name of resource, normally the container name or the file share name, used by the local user. string (required)
service The service used by the local user, e.g. blob, file. string (required)

SshPublicKey

Name Description Value
description Optional. It is used to store the function/usage of the key string
key Ssh public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. ssh-rsa AAAABBBB string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create Storage Account with SFTP enabled

Deploy to Azure
Creates an Azure Storage account and a blob container that can be accessed using SFTP protocol. Access can be password or public-key based.

Terraform (AzAPI provider) resource definition

The storageAccounts/localUsers resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/localUsers resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Storage/storageAccounts/localUsers@2023-05-01"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      allowAclAuthorization = bool
      extendedGroups = [
        int
      ]
      groupId = int
      hasSharedKey = bool
      hasSshKey = bool
      hasSshPassword = bool
      homeDirectory = "string"
      isNFSv3Enabled = bool
      permissionScopes = [
        {
          permissions = "string"
          resourceName = "string"
          service = "string"
        }
      ]
      sshAuthorizedKeys = [
        {
          description = "string"
          key = "string"
        }
      ]
    }
  })
}

Property values

storageAccounts/localUsers

Name Description Value
type The resource type "Microsoft.Storage/storageAccounts/localUsers@2023-05-01"
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: storageAccounts
properties Storage account local user properties. LocalUserProperties

LocalUserProperties

Name Description Value
allowAclAuthorization Indicates whether ACL authorization is allowed for this user. Set it to false to disallow using ACL authorization. bool
extendedGroups Supplementary group membership. Only applicable for local users enabled for NFSv3 access. int[]
groupId An identifier for associating a group of users. int
hasSharedKey Indicates whether shared key exists. Set it to false to remove existing shared key. bool
hasSshKey Indicates whether ssh key exists. Set it to false to remove existing SSH key. bool
hasSshPassword Indicates whether ssh password exists. Set it to false to remove existing SSH password. bool
homeDirectory Optional, local user home directory. string
isNFSv3Enabled Indicates if the local user is enabled for access with NFSv3 protocol. bool
permissionScopes The permission scopes of the local user. PermissionScope[]
sshAuthorizedKeys Optional, local user ssh authorized keys for SFTP. SshPublicKey[]

PermissionScope

Name Description Value
permissions The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), Create (c), Modify Ownership (o), and Modify Permissions (p). string (required)
resourceName The name of resource, normally the container name or the file share name, used by the local user. string (required)
service The service used by the local user, e.g. blob, file. string (required)

SshPublicKey

Name Description Value
description Optional. It is used to store the function/usage of the key string
key Ssh public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. ssh-rsa AAAABBBB string