New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Storage] Bug: Updating Default Access Control Lists does not work #22144
Comments
thanks @YoshicoppensE61 for reaching out, we'll investigate ASAP. |
Hi @YoshicoppensE61, apologies for this never getting looked at. It seems it fell off the radar. Are you still experiencing the issue? I was not able to repro this in local testing so it seems the SDK should support this scenario just fine. My one suspicion is your use of If you are flexible in your credential type, you could also try using Shared Key auth to make the update or DefaultAzureCredential. |
Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you! |
@jalauzon-msft Hi, I think I worked around it or maybe I managed to fix it somehow, but in any case, the setup I was going for, works now, so you can close this ticket! |
Describe the bug
Using the function update_access_control_recursive or set_access_control works well to update regular ACL for files and folders. However, normally to update Default Access Control Lists, it should suffice to add "default:" as a prefix, but here errors pop up. I can add a default Access Control List for the standard options (owning group [default:group::r-x], owner[default:user::r-x], other[default:other::---]), but when I try to add an actual aad_id from a different AD group (using default:user:xxx..xxxx:r-x) I get an error.
(InvalidNamedUserOrNamedGroup) The named user or named group in the access control list is not valid.
RequestId:d216f552-d01f-003e-2e3f-f0a57a000000
Time:2021-12-13T16:39:14.8081970Z
For the same AD group, I do succeed in updating the Access ACL, so not sure why this is going wrong, maybe there is some kind of filter on it?
To Reproduce
Steps to reproduce the behavior:
service_client = DataLakeServiceClient(account_url="{}://{}.dfs.core.windows.net".format(
"https", storage_account_name), credential=credential)
file_system_client = service_client.get_file_system_client(file_system=)
directory_client = file_system_client.get_directory_client()
acl = 'default:user:{<aad_id>}:r-x'
directory_client.update_access_control_recursive(acl=acl)
Expected behavior
If I just add a default ACL rule via the Azure Portal for the same AD Group, it just immediately works when I try to save it. So I would expect no error here and the group to be added to the ACL rules.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: