Share via


az storage account local-user

Note

This command group has commands that are defined in both Azure CLI and at least one extension. Install each extension to benefit from its extended capabilities. Learn more about extensions.

Manage storage account local users.

Commands

Name Description Type Status
az storage account local-user create

Create a local user for a given storage account.

Core GA
az storage account local-user create (storage-preview extension)

Create a local user for a given storage account.

Extension Preview
az storage account local-user delete

Delete a local user.

Core GA
az storage account local-user delete (storage-preview extension)

Delete a local user.

Extension Preview
az storage account local-user list

List local users for a storage account.

Core GA
az storage account local-user list (storage-preview extension)

List local users for a storage account.

Extension Preview
az storage account local-user list-keys

List sharedkeys and sshAuthorizedKeys for a local user.

Core GA
az storage account local-user list-keys (storage-preview extension)

List sharedkeys and sshAuthorizedKeys for a local user.

Extension Preview
az storage account local-user regenerate-password

Regenerate sshPassword for a local user.

Core GA
az storage account local-user regenerate-password (storage-preview extension)

Regenerate sshPassword for a local user.

Extension Preview
az storage account local-user show

Show info for a local user.

Core GA
az storage account local-user show (storage-preview extension)

Show info for a local user.

Extension Preview
az storage account local-user update

Update properties for a local user.

Core GA
az storage account local-user update (storage-preview extension)

Update properties for a local user.

Extension Preview

az storage account local-user create

Create a local user for a given storage account.

az storage account local-user create --account-name
                                     --name
                                     --resource-group
                                     [--has-shared-key {false, true}]
                                     [--has-ssh-key {false, true}]
                                     [--has-ssh-password {false, true}]
                                     [--home-directory]
                                     [--permission-scope]
                                     [--ssh-authorized-key]

Examples

Create a local-user with two permission scopes and an ssh-authorized-key

az storage account local-user create --account-name {account-name} -g {resource-group} -n {username} --home-directory home --permission-scope permissions=r service=blob resource-name=container1 --permission-scope permissions=rw service=file resource-name=share2 --ssh-authorized-key key="ssh-rsa a2V5" --has-ssh-key true --has-ssh-password --has-shared-key false

Required Parameters

--account-name

The storage account name.

--name --user-name -n

The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--has-shared-key

Indicates whether shared key exists. Set it to false to remove existing shared key.

Accepted values: false, true
--has-ssh-key

Indicates whether ssh key exists. Set it to false to remove existing SSH key.

Accepted values: false, true
--has-ssh-password

Indicates whether ssh password exists. Set it to false to remove existing SSH password.

Accepted values: false, true
--home-directory

The home directory.

--permission-scope

The permission scope argument list which includes the permissions, service, and resource_name.The permissions can be a combination of the below possible values: Read(r), Write (w), Delete (d), List (l), and Create (c). The service has possible values: blob, file. The resource-name is the container name or the file share name. Example: --permission-scope permissions=r service=blob resource-name=container1Can specify multiple permission scopes: --permission-scope permissions=rw service=blob resource-name=container1--permission-scope permissions=rwd service=file resource-name=share2.

--ssh-authorized-key

SSH authorized keys for SFTP. Includes an optional description and key. The key is the base64 encoded SSH public key , with format: e.g. ssh-rsa AAAABBBB.Example: --ssh_authorized_key description=description key="ssh-rsa AAAABBBB"or --ssh_authorized_key key="ssh-rsa AAAABBBB".

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account local-user create (storage-preview extension)

Preview

Command group 'storage account local-user' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a local user for a given storage account.

az storage account local-user create --account-name
                                     --name
                                     --resource-group
                                     [--allow-acl-auth {false, true}]
                                     [--extended-groups]
                                     [--group-id]
                                     [--has-shared-key {false, true}]
                                     [--has-ssh-key {false, true}]
                                     [--has-ssh-password {false, true}]
                                     [--home-directory]
                                     [--is-nfsv3-enabled {false, true}]
                                     [--permission-scope]
                                     [--ssh-authorized-key]

Examples

Create a local-user with two permission scopes and an ssh-authorized-key

az storage account local-user create --account-name {account-name} -g {resource-group} -n {username} --home-directory home --permission-scope permissions=r service=blob resource-name=container1 --permission-scope permissions=rw service=file resource-name=share2 --ssh-authorized-key key="ssh-rsa a2V5" --has-ssh-key true --has-ssh-password --has-shared-key false --group-id 1 --allow-acl-authorization true --extended-groups 3 4 --is-nfsv3-enabled true

Required Parameters

--account-name

The storage account name.

--name --user-name -n

The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--allow-acl-auth --allow-acl-authorization

Indicate whether ACL authorization is allowed for this user. Set it to false to disallow using ACL authorization.

Accepted values: false, true
--extended-groups

Supplementary group membership. Only applicable for local users enabled for NFSv3 access.

--group-id

An identifier for associating a group of users.

--has-shared-key

Indicates whether shared key exists. Set it to false to remove existing shared key.

Accepted values: false, true
--has-ssh-key

Indicates whether ssh key exists. Set it to false to remove existing SSH key.

Accepted values: false, true
--has-ssh-password

Indicates whether ssh password exists. Set it to false to remove existing SSH password.

Accepted values: false, true
--home-directory

The home directory.

--is-nfsv3-enabled

Indicate if the local user is enabled for access with NFSv3 protocol.

Accepted values: false, true
--permission-scope

The permission scope argument list which includes the permissions, service, and resource_name.The permissions can be a combination of the below possible values: Read(r), Write (w), Delete (d), List (l), and Create (c). The service has possible values: blob, file. The resource-name is the container name or the file share name. Example: --permission-scope permissions=r service=blob resource-name=container1Can specify multiple permission scopes: --permission-scope permissions=rw service=blob resource-name=container1--permission-scope permissions=rwd service=file resource-name=share2.

--ssh-authorized-key

SSH authorized keys for SFTP. Includes an optional description and key. The key is the base64 encoded SSH public key , with format: e.g. ssh-rsa AAAABBBB.Example: --ssh_authorized_key description=description key="ssh-rsa AAAABBBB"or --ssh_authorized_key key="ssh-rsa AAAABBBB".

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account local-user delete

Delete a local user.

az storage account local-user delete --account-name
                                     --name
                                     --resource-group

Examples

Delete a local-user

az storage account local-user delete --account-name {account-name} -g {resource-group} -n {username}

Required Parameters

--account-name

The storage account name.

--name --user-name -n

The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account local-user delete (storage-preview extension)

Preview

Command group 'storage account local-user' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Delete a local user.

az storage account local-user delete --account-name
                                     --name
                                     --resource-group

Examples

Delete a local-user

az storage account local-user delete --account-name {account-name} -g {resource-group} -n {username}

Required Parameters

--account-name

The storage account name.

--name --user-name -n

The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account local-user list

List local users for a storage account.

az storage account local-user list --account-name
                                   --resource-group
                                   [--filter]
                                   [--include]
                                   [--maxpagesize]

Examples

List local-user for a storage account

az storage account local-user list --account-name {account-name} -g {resource-group}

Required Parameters

--account-name

The storage account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--filter

Optional. When specified, only local user names starting with the filter will be listed. Default value is None.

--include

Optional, when specified, will list local users enabled for the specific protocol. Lists all users by default. "nfsv3" Default value is None.

--maxpagesize

Optional, specifies the maximum number of local users that will be included in the list response. Default value is None.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account local-user list (storage-preview extension)

Preview

Command group 'storage account local-user' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

List local users for a storage account.

az storage account local-user list --account-name
                                   --resource-group
                                   [--filter]
                                   [--include]
                                   [--maxpagesize]

Examples

List local-user for a storage account with name starting with test and only returning 3 results

az storage account local-user list --account-name {account-name} -g {resource-group} --filter "startswith(name, test)" --maxpagesize 3

Required Parameters

--account-name

The storage account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--filter

Optional. When specified, only local user names starting with the filter will be listed. Default value is None.

--include

Optional, when specified, will list local users enabled for the specific protocol. Lists all users by default. "nfsv3" Default value is None.

--maxpagesize

Optional, specifies the maximum number of local users that will be included in the list response. Default value is None.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account local-user list-keys

List sharedkeys and sshAuthorizedKeys for a local user.

az storage account local-user list-keys --account-name
                                        --name
                                        --resource-group

Examples

List sharedkeys and sshAuthorizedKeys for a local-user

az storage account local-user list-keys --account-name {account-name} -g {resource-group} -n {username}

Required Parameters

--account-name

The storage account name.

--name --user-name -n

The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account local-user list-keys (storage-preview extension)

Preview

Command group 'storage account local-user' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

List sharedkeys and sshAuthorizedKeys for a local user.

az storage account local-user list-keys --account-name
                                        --name
                                        --resource-group

Examples

List sharedkeys and sshAuthorizedKeys for a local-user

az storage account local-user list-keys --account-name {account-name} -g {resource-group} -n {username}

Required Parameters

--account-name

The storage account name.

--name --user-name -n

The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account local-user regenerate-password

Regenerate sshPassword for a local user.

az storage account local-user regenerate-password --account-name
                                                  --name
                                                  --resource-group

Examples

Regenerate sshPassword for a local-user

az storage account local-user regenerate-password --account-name {account-name} -g {resource-group} -n {username}

Required Parameters

--account-name

The storage account name.

--name --user-name -n

The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account local-user regenerate-password (storage-preview extension)

Preview

Command group 'storage account local-user' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Regenerate sshPassword for a local user.

az storage account local-user regenerate-password --account-name
                                                  --name
                                                  --resource-group

Examples

Regenerate sshPassword for a local-user

az storage account local-user regenerate-password --account-name {account-name} -g {resource-group} -n {username}

Required Parameters

--account-name

The storage account name.

--name --user-name -n

The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account local-user show

Show info for a local user.

az storage account local-user show --account-name
                                   --name
                                   --resource-group

Examples

Show info for a local-user

az storage account local-user show --account-name {account-name} -g {resource-group} -n {username}

Required Parameters

--account-name

The storage account name.

--name --user-name -n

The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account local-user show (storage-preview extension)

Preview

Command group 'storage account local-user' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Show info for a local user.

az storage account local-user show --account-name
                                   --name
                                   --resource-group

Examples

Show info for a local-user

az storage account local-user show --account-name {account-name} -g {resource-group} -n {username}

Required Parameters

--account-name

The storage account name.

--name --user-name -n

The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account local-user update

Update properties for a local user.

az storage account local-user update --account-name
                                     --name
                                     --resource-group
                                     [--has-shared-key {false, true}]
                                     [--has-ssh-key {false, true}]
                                     [--has-ssh-password {false, true}]
                                     [--home-directory]
                                     [--permission-scope]
                                     [--ssh-authorized-key]

Examples

Update a local-user with one permission scopes and no ssh-key

az storage account local-user update --account-name {account-name} -g {resource-group} -n {username} --permission-scope permissions=rw service=file resource-name=share2 --has-ssh-key false

Required Parameters

--account-name

The storage account name.

--name --user-name -n

The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--has-shared-key

Indicates whether shared key exists. Set it to false to remove existing shared key.

Accepted values: false, true
--has-ssh-key

Indicates whether ssh key exists. Set it to false to remove existing SSH key.

Accepted values: false, true
--has-ssh-password

Indicates whether ssh password exists. Set it to false to remove existing SSH password.

Accepted values: false, true
--home-directory

The home directory.

--permission-scope

The permission scope argument list which includes the permissions, service, and resource_name.The permissions can be a combination of the below possible values: Read(r), Write (w), Delete (d), List (l), and Create (c). The service has possible values: blob, file. The resource-name is the container name or the file share name. Example: --permission-scope permissions=r service=blob resource-name=container1Can specify multiple permission scopes: --permission-scope permissions=rw service=blob resource-name=container1--permission-scope permissions=rwd service=file resource-name=share2.

--ssh-authorized-key

SSH authorized keys for SFTP. Includes an optional description and key. The key is the base64 encoded SSH public key , with format: e.g. ssh-rsa AAAABBBB.Example: --ssh_authorized_key description=description key="ssh-rsa AAAABBBB"or --ssh_authorized_key key="ssh-rsa AAAABBBB".

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az storage account local-user update (storage-preview extension)

Preview

Command group 'storage account local-user' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Update properties for a local user.

az storage account local-user update --account-name
                                     --name
                                     --resource-group
                                     [--allow-acl-auth {false, true}]
                                     [--extended-groups]
                                     [--group-id]
                                     [--has-shared-key {false, true}]
                                     [--has-ssh-key {false, true}]
                                     [--has-ssh-password {false, true}]
                                     [--home-directory]
                                     [--permission-scope]
                                     [--ssh-authorized-key]

Examples

Update a local-user with one permission scopes and no ssh-key

az storage account local-user update --account-name {account-name} -g {resource-group} -n {username} --permission-scope permissions=rw service=file resource-name=share2 --has-ssh-key false --group-id 2 --allow-acl-authorization false --extended-groups 3 4

Required Parameters

--account-name

The storage account name.

--name --user-name -n

The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--allow-acl-auth --allow-acl-authorization

Indicate whether ACL authorization is allowed for this user. Set it to false to disallow using ACL authorization.

Accepted values: false, true
--extended-groups

Supplementary group membership. Only applicable for local users enabled for NFSv3 access.

--group-id

An identifier for associating a group of users.

--has-shared-key

Indicates whether shared key exists. Set it to false to remove existing shared key.

Accepted values: false, true
--has-ssh-key

Indicates whether ssh key exists. Set it to false to remove existing SSH key.

Accepted values: false, true
--has-ssh-password

Indicates whether ssh password exists. Set it to false to remove existing SSH password.

Accepted values: false, true
--home-directory

The home directory.

--permission-scope

The permission scope argument list which includes the permissions, service, and resource_name.The permissions can be a combination of the below possible values: Read(r), Write (w), Delete (d), List (l), and Create (c). The service has possible values: blob, file. The resource-name is the container name or the file share name. Example: --permission-scope permissions=r service=blob resource-name=container1Can specify multiple permission scopes: --permission-scope permissions=rw service=blob resource-name=container1--permission-scope permissions=rwd service=file resource-name=share2.

--ssh-authorized-key

SSH authorized keys for SFTP. Includes an optional description and key. The key is the base64 encoded SSH public key , with format: e.g. ssh-rsa AAAABBBB.Example: --ssh_authorized_key description=description key="ssh-rsa AAAABBBB"or --ssh_authorized_key key="ssh-rsa AAAABBBB".

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.