Azure role-based access control (Azure RBAC) for Azure file shares requires identity-based authentication integration. According to the Microsoft Azure Administrator documentation, this feature is only supported for StorageV2 (general purpose v2) and FileStorage account types.
In this scenario, you are required to grant Group4 read-only access using Azure RBAC on Azure file shares.
The technical requirement specifies: “Whenever possible, grant Group4 Azure RBAC read-only permissions to the Azure file shares.”
From the case study data:
Storage Account   Kind                           Identity-based Access
storage1          Storage (general purpose v1)   Azure AD DS
storage2          StorageV2                      Disabled
storage3          BlobStorage                    N/A
storage4          FileStorage                    Azure AD DS
The Storage (general purpose v1) type (storage1) does not support Azure AD or Azure RBAC integration for file shares. Microsoft documentation clearly states that “StorageV1 accounts must be upgraded to StorageV2 to support Azure AD authentication and RBAC role assignments.”
Meanwhile, FileStorage (storage4) already supports Azure AD Domain Services (Azure AD DS) and RBAC role assignment; hence no further modification is required there. However, to make storage1 compatible, it must be converted from StorageV1 to StorageV2.
Once converted to StorageV2, you can then:
1. Enable identity-based access for Azure file shares.
2. Assign Azure RBAC roles (e.g., Storage File Data Reader) to Group4.
Microsoft-Documented Requirements Summary:
- Supported Account Types: StorageV2 or FileStorage
- Unsupported: StorageV1 and BlobStorage
- Required RBAC Roles for Read-Only Access: Storage File Data Reader (or custom read-only role)
Thus, to meet the organization’s requirement to provide Azure RBAC read-only permissions, you must change the account type of storage1 to StorageV2, ensuring both storage1 and storage4 can be managed with Azure RBAC.
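An added example (not part of the original explanation or of Microsoft's documentation): a small audit that applies the rules above to storage account metadata and reports the first unmet prerequisite for each account. The sample data is constructed from the case-study table, and the JSON field layout (kind and azureFilesIdentityBasedAuthentication.directoryServiceOptions, as printed by `az storage account list -o json`) is an assumption.

```python
import json

# Kinds the page lists as supporting Azure RBAC on file shares.
SUPPORTED_KINDS = {"StorageV2", "FileStorage"}
# Kinds that cannot host Azure file shares at all.
NO_FILE_SHARES = {"BlobStorage", "BlockBlobStorage"}

# Constructed sample mirroring the case-study table; field layout is assumed
# to match the output of `az storage account list -o json`.
SAMPLE_ACCOUNTS = json.loads("""[
  {"name": "storage1", "kind": "Storage",
   "azureFilesIdentityBasedAuthentication": {"directoryServiceOptions": "AADDS"}},
  {"name": "storage2", "kind": "StorageV2",
   "azureFilesIdentityBasedAuthentication": null},
  {"name": "storage3", "kind": "BlobStorage",
   "azureFilesIdentityBasedAuthentication": null},
  {"name": "storage4", "kind": "FileStorage",
   "azureFilesIdentityBasedAuthentication": {"directoryServiceOptions": "AADDS"}}
]""")


def identity_source(account):
    """Return the configured directory service, or None when disabled."""
    auth = account.get("azureFilesIdentityBasedAuthentication") or {}
    source = auth.get("directoryServiceOptions")
    return None if source in (None, "None") else source


def next_step(account):
    """Classify one account by its first unmet prerequisite."""
    kind = account.get("kind")
    if kind in NO_FILE_SHARES:
        return "not-applicable"
    if kind == "Storage":  # general purpose v1
        return "upgrade-kind-to-StorageV2"
    if kind not in SUPPORTED_KINDS:
        return "review-manually"
    if identity_source(account) is None:
        return "enable-identity-based-access"
    return "ready-for-role-assignment"


def audit(accounts):
    """Map each account name to its remediation step."""
    return {a["name"]: next_step(a) for a in accounts}


if __name__ == "__main__":
    for name, step in audit(SAMPLE_ACCOUNTS).items():
        print(f"{name}: {step}")
```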