Local Users - Create Or Update

Create or update the properties of a local user associated with the storage account. Properties for NFSv3 enablement and extended groups cannot be set with other properties.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}/localUsers/{username}?api-version=2023-05-01

URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| accountName | path | True | string | The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. Regex pattern: ^[a-z0-9]+$ |
| resourceGroupName | path | True | string | The name of the resource group within the user's subscription. The name is case insensitive. Regex pattern: ^[-\w\._\(\)]+$ |
| subscriptionId | path | True | string | The ID of the target subscription. |
| username | path | True | string | The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account. |
| api-version | query | True | string | The API version to use for this operation. |

Request Body

| Name | Type | Description |
|---|---|---|
| properties.allowAclAuthorization | boolean | Indicates whether ACL authorization is allowed for this user. Set it to false to disallow using ACL authorization. |
| properties.extendedGroups | integer[] | Supplementary group membership. Only applicable for local users enabled for NFSv3 access. |
| properties.groupId | integer | An identifier for associating a group of users. |
| properties.hasSharedKey | boolean | Indicates whether shared key exists. Set it to false to remove existing shared key. |
| properties.hasSshKey | boolean | Indicates whether ssh key exists. Set it to false to remove existing SSH key. |
| properties.hasSshPassword | boolean | Indicates whether ssh password exists. Set it to false to remove existing SSH password. |
| properties.homeDirectory | string | Optional, local user home directory. |
| properties.isNFSv3Enabled | boolean | Indicates if the local user is enabled for access with NFSv3 protocol. |
| properties.permissionScopes | PermissionScope[] | The permission scopes of the local user. |
| properties.sshAuthorizedKeys | SshPublicKey[] | Optional, local user ssh authorized keys for SFTP. |

Responses

| Name | Type | Description |
|---|---|---|
| 200 OK | LocalUser | OK -- Put local user successfully. |
| Other Status Codes | ErrorResponse | Error response describing why the operation failed. |

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |

Examples

CreateLocalUser
CreateNFSv3EnabledLocalUser
UpdateLocalUser

CreateLocalUser

Sample request

PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/localUsers/user1?api-version=2023-05-01

{
  "properties": {
    "permissionScopes": [
      {
        "permissions": "rwd",
        "service": "file",
        "resourceName": "share1"
      },
      {
        "permissions": "rw",
        "service": "file",
        "resourceName": "share2"
      }
    ],
    "homeDirectory": "homedirectory",
    "hasSshPassword": true,
    "sshAuthorizedKeys": [
      {
        "description": "key name",
        "key": "ssh-rsa keykeykeykeykey="
      }
    ],
    "groupId": 2000,
    "allowAclAuthorization": true
  }
}

Sample response

{
  "id": "/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/localUsers/user1",
  "name": "user1",
  "type": "Microsoft.Storage/storageAccounts/localUsers",
  "properties": {
    "permissionScopes": [
      {
        "permissions": "rwd",
        "service": "file",
        "resourceName": "share1"
      },
      {
        "permissions": "rw",
        "service": "file",
        "resourceName": "share2"
      }
    ],
    "homeDirectory": "homedirectory",
    "sshAuthorizedKeys": [
      {
        "description": "key name",
        "key": "ssh-rsa keykeykeykeykey="
      }
    ],
    "sid": "S-1-2-0-125132-153423-36235-1000",
    "userId": 1000,
    "groupId": 2000,
    "allowAclAuthorization": true
  }
}

CreateNFSv3EnabledLocalUser

Sample request

PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/localUsers/user1?api-version=2023-05-01

{
  "properties": {
    "extendedGroups": [
      1001,
      1005,
      2005
    ],
    "isNFSv3Enabled": true
  }
}

Sample response

{
  "id": "/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/localUsers/user1",
  "name": "user1",
  "type": "Microsoft.Storage/storageAccounts/localUsers",
  "properties": {
    "permissionScopes": [
      {
        "permissions": "rwd",
        "service": "file",
        "resourceName": "share1"
      },
      {
        "permissions": "rw",
        "service": "file",
        "resourceName": "share2"
      }
    ],
    "homeDirectory": "homedirectory",
    "sshAuthorizedKeys": [
      {
        "description": "key name",
        "key": "ssh-rsa keykeykeykeykey="
      }
    ],
    "sid": "S-1-2-0-125132-153423-36235-1000",
    "userId": 1000,
    "groupId": 2000,
    "allowAclAuthorization": true,
    "extendedGroups": [
      1001,
      1005,
      2005
    ],
    "isNFSv3Enabled": true
  }
}

UpdateLocalUser

Sample request

PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/localUsers/user1?api-version=2023-05-01

{
  "properties": {
    "homeDirectory": "homedirectory2",
    "hasSharedKey": false,
    "hasSshPassword": false,
    "hasSshKey": false,
    "groupId": 3000,
    "allowAclAuthorization": false,
    "extendedGroups": [
      1001,
      1005,
      2005
    ],
    "isNFSv3Enabled": true
  }
}

Sample response

{
  "id": "/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/localUsers/user1",
  "name": "user1",
  "type": "Microsoft.Storage/storageAccounts/localUsers",
  "properties": {
    "homeDirectory": "homedirectory2",
    "sid": "S-1-2-0-3528686663-1788730862-2791910117-1000",
    "hasSharedKey": false,
    "hasSshPassword": false,
    "hasSshKey": false,
    "userId": 1000,
    "groupId": 3000,
    "allowAclAuthorization": false,
    "extendedGroups": [
      1001,
      1005,
      2005
    ],
    "isNFSv3Enabled": true
  }
}
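
Added example (not part of the original reference and not Microsoft's code): a Python pre-flight check that applies the constraints stated on this page to a Create Or Update request before it is sent, covering the path-parameter patterns, the PermissionScope permission letters, and the rule that NFSv3 properties are not set with other properties. The names check_local_user_put and BAD_BODY are constructed for illustration.

```python
import re

# Constraints copied from the parameter tables on this page.
ACCOUNT_RE = re.compile(r"[a-z0-9]{3,24}")   # accountName: 3-24 chars, ^[a-z0-9]+$
GROUP_RE = re.compile(r"[-\w\._\(\)]+")      # resourceGroupName regex
USERNAME_RE = re.compile(r"[a-z0-9]+")       # username: lowercase letters and numbers
PERMISSION_LETTERS = set("rwdlcop")          # PermissionScope.permissions values
NFS_PROPS = {"isNFSv3Enabled", "extendedGroups"}


def check_local_user_put(account, group, username, body):
    """Return a list of findings for one request; an empty list means none."""
    findings = []
    for label, pattern, value in (
        ("accountName", ACCOUNT_RE, account),
        ("resourceGroupName", GROUP_RE, group),
        ("username", USERNAME_RE, username),
    ):
        # fullmatch so a trailing newline or stray character cannot slip through
        if not pattern.fullmatch(value):
            findings.append(f"{label} {value!r} violates the documented pattern")

    props = body.get("properties", {})
    # Operation description: properties for NFSv3 enablement and extended
    # groups "cannot be set with other properties".
    others = sorted(set(props) - NFS_PROPS)
    if NFS_PROPS & set(props) and others:
        findings.append("NFSv3 properties combined with: " + ", ".join(others))

    for scope in props.get("permissionScopes", []):
        name = scope.get("resourceName", "?")
        unknown = sorted(set(scope.get("permissions", "")) - PERMISSION_LETTERS)
        if unknown:
            findings.append(f"scope {name}: unknown permission letters {unknown}")
    return findings


# Constructed request that breaks several documented constraints at once.
BAD_BODY = {"properties": {
    "isNFSv3Enabled": True,
    "homeDirectory": "homedirectory",
    "permissionScopes": [
        {"permissions": "rwx", "service": "file", "resourceName": "share1"},
    ],
}}

if __name__ == "__main__":
    for finding in check_local_user_put("Sto_2527", "res6977", "User1", BAD_BODY):
        print(finding)
```

Run against the page's own UpdateLocalUser sample request, the exclusivity check reports a finding, because that sample sends homeDirectory, groupId and the credential flags alongside the NFSv3 properties; treat the finding as something to review rather than proof that the service rejects the call.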

Definitions

| Name | Description |
|---|---|
| createdByType | The type of identity that created the resource. |
| ErrorResponse | An error response from the storage resource provider. |
| ErrorResponseBody | Error response body contract. |
| LocalUser | The local user associated with the storage accounts. |
| PermissionScope | |
| SshPublicKey | |
| systemData | Metadata pertaining to creation and last modification of the resource. |

createdByType

The type of identity that created the resource.

| Name | Type | Description |
|---|---|---|
| Application | string | |
| Key | string | |
| ManagedIdentity | string | |
| User | string | |

ErrorResponse

An error response from the storage resource provider.

| Name | Type | Description |
|---|---|---|
| error | ErrorResponseBody | Azure Storage Resource Provider error response body. |

ErrorResponseBody

Error response body contract.

| Name | Type | Description |
|---|---|---|
| code | string | An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
| message | string | A message describing the error, intended to be suitable for display in a user interface. |

LocalUser

The local user associated with the storage accounts.

| Name | Type | Description |
|---|---|---|
| id | string | Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} |
| name | string | The name of the resource |
| properties.allowAclAuthorization | boolean | Indicates whether ACL authorization is allowed for this user. Set it to false to disallow using ACL authorization. |
| properties.extendedGroups | integer[] | Supplementary group membership. Only applicable for local users enabled for NFSv3 access. |
| properties.groupId | integer | An identifier for associating a group of users. |
| properties.hasSharedKey | boolean | Indicates whether shared key exists. Set it to false to remove existing shared key. |
| properties.hasSshKey | boolean | Indicates whether ssh key exists. Set it to false to remove existing SSH key. |
| properties.hasSshPassword | boolean | Indicates whether ssh password exists. Set it to false to remove existing SSH password. |
| properties.homeDirectory | string | Optional, local user home directory. |
| properties.isNFSv3Enabled | boolean | Indicates if the local user is enabled for access with NFSv3 protocol. |
| properties.permissionScopes | PermissionScope[] | The permission scopes of the local user. |
| properties.sid | string | A unique Security Identifier that is generated by the server. |
| properties.sshAuthorizedKeys | SshPublicKey[] | Optional, local user ssh authorized keys for SFTP. |
| properties.userId | integer | A unique Identifier that is generated by the server. |
| systemData | systemData | Metadata pertaining to creation and last modification of the resource. |
| type | string | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |

PermissionScope

| Name | Type | Description |
|---|---|---|
| permissions | string | The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), Create (c), Modify Ownership (o), and Modify Permissions (p). |
| resourceName | string | The name of resource, normally the container name or the file share name, used by the local user. |
| service | string | The service used by the local user, e.g. blob, file. |

SshPublicKey

| Name | Type | Description |
|---|---|---|
| description | string | Optional. It is used to store the function/usage of the key |
| key | string | Ssh public key base64 encoded. The format should be: ' ', e.g. ssh-rsa AAAABBBB |

systemData

Metadata pertaining to creation and last modification of the resource.

| Name | Type | Description |
|---|---|---|
| createdAt | string | The timestamp of resource creation (UTC). |
| createdBy | string | The identity that created the resource. |
| createdByType | createdByType | The type of identity that created the resource. |
| lastModifiedAt | string | The timestamp of resource last modification (UTC) |
| lastModifiedBy | string | The identity that last modified the resource. |
| lastModifiedByType | createdByType | The type of identity that last modified the resource. |