Local Users - Create Or Update

Service:: Storage Resource Provider

API Version:: 2024-01-01

Create or update the properties of a local user associated with the storage account. Properties for NFSv3 enablement and extended groups cannot be set with other properties.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}/localUsers/{username}?api-version=2024-01-01

URI Parameters

Name	In	Required	Type	Description
accountName	path	True	string minLength: 3 maxLength: 24 pattern: ^[a-z0-9]+$	The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only.
resourceGroupName	path	True	string minLength: 1 maxLength: 90 pattern: ^[-\w\._]+$	The name of the resource group within the user's subscription. The name is case insensitive.
subscriptionId	path	True	string minLength: 1	The ID of the target subscription.
username	path	True	string minLength: 3 maxLength: 64	The name of local user. The username must contain lowercase letters and numbers only. It must be unique only within the storage account.
api-version	query	True	string minLength: 1	The API version to use for this operation.

Request Body

Name	Type	Description
properties.allowAclAuthorization	boolean	Indicates whether ACL authorization is allowed for this user. Set it to false to disallow using ACL authorization.
properties.extendedGroups	integer[] (int32)	Supplementary group membership. Only applicable for local users enabled for NFSv3 access.
properties.groupId	integer (int32)	An identifier for associating a group of users.
properties.hasSharedKey	boolean	Indicates whether shared key exists. Set it to false to remove existing shared key.
properties.hasSshKey	boolean	Indicates whether ssh key exists. Set it to false to remove existing SSH key.
properties.hasSshPassword	boolean	Indicates whether ssh password exists. Set it to false to remove existing SSH password.
properties.homeDirectory	string	Optional, local user home directory.
properties.isNFSv3Enabled	boolean	Indicates if the local user is enabled for access with NFSv3 protocol.
properties.permissionScopes	PermissionScope[]	The permission scopes of the local user.
properties.sshAuthorizedKeys	SshPublicKey[]	Optional, local user ssh authorized keys for SFTP.

Responses

Name	Type	Description
200 OK	LocalUser	OK -- Put local user successfully.
Other Status Codes	ErrorResponse	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

CreateLocalUser

CreateNFSv3EnabledLocalUser

UpdateLocalUser

CreateLocalUser

Sample request

PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/localUsers/user1?api-version=2024-01-01

{
  "properties": {
    "permissionScopes": [
      {
        "permissions": "rwd",
        "service": "file",
        "resourceName": "share1"
      },
      {
        "permissions": "rw",
        "service": "file",
        "resourceName": "share2"
      }
    ],
    "homeDirectory": "homedirectory",
    "hasSshPassword": true,
    "sshAuthorizedKeys": [
      {
        "description": "key name",
        "key": "ssh-rsa keykeykeykeykey="
      }
    ],
    "groupId": 2000,
    "allowAclAuthorization": true
  }
}


import com.azure.resourcemanager.storage.fluent.models.LocalUserInner;
import com.azure.resourcemanager.storage.models.PermissionScope;
import com.azure.resourcemanager.storage.models.SshPublicKey;
import java.util.Arrays;

/**
 * Samples for LocalUsersOperation CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserCreate.json
     */
    /**
     * Sample code: CreateLocalUser.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createLocalUser(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.storageAccounts().manager().serviceClient().getLocalUsersOperations().createOrUpdateWithResponse(
            "res6977", "sto2527", "user1",
            new LocalUserInner()
                .withPermissionScopes(Arrays.asList(
                    new PermissionScope().withPermissions("rwd").withService("file").withResourceName("share1"),
                    new PermissionScope().withPermissions("rw").withService("file").withResourceName("share2")))
                .withHomeDirectory("homedirectory")
                .withSshAuthorizedKeys(
                    Arrays.asList(new SshPublicKey().withDescription("key name").withKey("fakeTokenPlaceholder")))
                .withHasSshPassword(true).withGroupId(2000).withAllowAclAuthorization(true),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.storage import StorageManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-storage
# USAGE
    python local_user_create.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = StorageManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="{subscription-id}",
    )

    response = client.local_users.create_or_update(
        resource_group_name="res6977",
        account_name="sto2527",
        username="user1",
        properties={
            "properties": {
                "allowAclAuthorization": True,
                "groupId": 2000,
                "hasSshPassword": True,
                "homeDirectory": "homedirectory",
                "permissionScopes": [
                    {"permissions": "rwd", "resourceName": "share1", "service": "file"},
                    {"permissions": "rw", "resourceName": "share2", "service": "file"},
                ],
                "sshAuthorizedKeys": [{"description": "key name", "key": "ssh-rsa keykeykeykeykey="}],
            }
        },
    )
    print(response)


# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserCreate.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armstorage_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/86c6306649b02e542117adb46c61e8019dbd78e9/specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserCreate.json
func ExampleLocalUsersClient_CreateOrUpdate_createLocalUser() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewLocalUsersClient().CreateOrUpdate(ctx, "res6977", "sto2527", "user1", armstorage.LocalUser{
		Properties: &armstorage.LocalUserProperties{
			AllowACLAuthorization: to.Ptr(true),
			GroupID:               to.Ptr[int32](2000),
			HasSSHPassword:        to.Ptr(true),
			HomeDirectory:         to.Ptr("homedirectory"),
			PermissionScopes: []*armstorage.PermissionScope{
				{
					Permissions:  to.Ptr("rwd"),
					ResourceName: to.Ptr("share1"),
					Service:      to.Ptr("file"),
				},
				{
					Permissions:  to.Ptr("rw"),
					ResourceName: to.Ptr("share2"),
					Service:      to.Ptr("file"),
				}},
			SSHAuthorizedKeys: []*armstorage.SSHPublicKey{
				{
					Description: to.Ptr("key name"),
					Key:         to.Ptr("ssh-rsa keykeykeykeykey="),
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.LocalUser = armstorage.LocalUser{
	// 	Name: to.Ptr("user1"),
	// 	Type: to.Ptr("Microsoft.Storage/storageAccounts/localUsers"),
	// 	ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/loalUsers/user1"),
	// 	Properties: &armstorage.LocalUserProperties{
	// 		AllowACLAuthorization: to.Ptr(true),
	// 		GroupID: to.Ptr[int32](2000),
	// 		HomeDirectory: to.Ptr("homedirectory"),
	// 		PermissionScopes: []*armstorage.PermissionScope{
	// 			{
	// 				Permissions: to.Ptr("rwd"),
	// 				ResourceName: to.Ptr("share1"),
	// 				Service: to.Ptr("file"),
	// 			},
	// 			{
	// 				Permissions: to.Ptr("rw"),
	// 				ResourceName: to.Ptr("share2"),
	// 				Service: to.Ptr("file"),
	// 		}},
	// 		Sid: to.Ptr("S-1-2-0-125132-153423-36235-1000"),
	// 		SSHAuthorizedKeys: []*armstorage.SSHPublicKey{
	// 			{
	// 				Description: to.Ptr("key name"),
	// 				Key: to.Ptr("ssh-rsa keykeykeykeykey="),
	// 		}},
	// 		UserID: to.Ptr[int32](1000),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to Create or update the properties of a local user associated with the storage account. Properties for NFSv3 enablement and extended groups cannot be set with other properties.
 *
 * @summary Create or update the properties of a local user associated with the storage account. Properties for NFSv3 enablement and extended groups cannot be set with other properties.
 * x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserCreate.json
 */
async function createLocalUser() {
  const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
  const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res6977";
  const accountName = "sto2527";
  const username = "user1";
  const properties = {
    allowAclAuthorization: true,
    groupId: 2000,
    hasSshPassword: true,
    homeDirectory: "homedirectory",
    permissionScopes: [
      { permissions: "rwd", resourceName: "share1", service: "file" },
      { permissions: "rw", resourceName: "share2", service: "file" },
    ],
    sshAuthorizedKeys: [{ description: "key name", key: "ssh-rsa keykeykeykeykey=" }],
  };
  const credential = new DefaultAzureCredential();
  const client = new StorageManagementClient(credential, subscriptionId);
  const result = await client.localUsersOperations.createOrUpdate(
    resourceGroupName,
    accountName,
    username,
    properties,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;

// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserCreate.json
// this example is just showing the usage of "LocalUsers_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://free.blessedness.top/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this StorageAccountLocalUserResource created on azure
// for more information of creating StorageAccountLocalUserResource, please refer to the document of StorageAccountLocalUserResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res6977";
string accountName = "sto2527";
string username = "user1";
ResourceIdentifier storageAccountLocalUserResourceId = StorageAccountLocalUserResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName, username);
StorageAccountLocalUserResource storageAccountLocalUser = client.GetStorageAccountLocalUserResource(storageAccountLocalUserResourceId);

// invoke the operation
StorageAccountLocalUserData data = new StorageAccountLocalUserData
{
    PermissionScopes = { new StoragePermissionScope("rwd", "file", "share1"), new StoragePermissionScope("rw", "file", "share2") },
    HomeDirectory = "homedirectory",
    SshAuthorizedKeys = {new StorageSshPublicKey
    {
    Description = "key name",
    Key = "ssh-rsa keykeykeykeykey=",
    }},
    HasSshPassword = true,
    GroupId = 2000,
    IsAclAuthorizationAllowed = true,
};
ArmOperation<StorageAccountLocalUserResource> lro = await storageAccountLocalUser.UpdateAsync(WaitUntil.Completed, data);
StorageAccountLocalUserResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountLocalUserData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "id": "/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/loalUsers/user1",
  "name": "user1",
  "type": "Microsoft.Storage/storageAccounts/localUsers",
  "properties": {
    "permissionScopes": [
      {
        "permissions": "rwd",
        "service": "file",
        "resourceName": "share1"
      },
      {
        "permissions": "rw",
        "service": "file",
        "resourceName": "share2"
      }
    ],
    "homeDirectory": "homedirectory",
    "sshAuthorizedKeys": [
      {
        "description": "key name",
        "key": "ssh-rsa keykeykeykeykey="
      }
    ],
    "sid": "S-1-2-0-125132-153423-36235-1000",
    "userId": 1000,
    "groupId": 2000,
    "allowAclAuthorization": true
  }
}

CreateNFSv3EnabledLocalUser

Sample request

PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/localUsers/user1?api-version=2024-01-01

{
  "properties": {
    "extendedGroups": [
      1001,
      1005,
      2005
    ],
    "isNFSv3Enabled": true
  }
}


import com.azure.resourcemanager.storage.fluent.models.LocalUserInner;
import java.util.Arrays;

/**
 * Samples for LocalUsersOperation CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserCreateNFSv3Enabled.
     * json
     */
    /**
     * Sample code: CreateNFSv3EnabledLocalUser.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createNFSv3EnabledLocalUser(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.storageAccounts().manager().serviceClient().getLocalUsersOperations().createOrUpdateWithResponse(
            "res6977", "sto2527", "user1",
            new LocalUserInner().withExtendedGroups(Arrays.asList(1001, 1005, 2005)).withIsNFSv3Enabled(true),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.storage import StorageManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-storage
# USAGE
    python local_user_create_nf_sv3_enabled.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = StorageManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="{subscription-id}",
    )

    response = client.local_users.create_or_update(
        resource_group_name="res6977",
        account_name="sto2527",
        username="user1",
        properties={"properties": {"extendedGroups": [1001, 1005, 2005], "isNFSv3Enabled": True}},
    )
    print(response)


# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserCreateNFSv3Enabled.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armstorage_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/86c6306649b02e542117adb46c61e8019dbd78e9/specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserCreateNFSv3Enabled.json
func ExampleLocalUsersClient_CreateOrUpdate_createNfSv3EnabledLocalUser() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewLocalUsersClient().CreateOrUpdate(ctx, "res6977", "sto2527", "user1", armstorage.LocalUser{
		Properties: &armstorage.LocalUserProperties{
			ExtendedGroups: []*int32{
				to.Ptr[int32](1001),
				to.Ptr[int32](1005),
				to.Ptr[int32](2005)},
			IsNFSv3Enabled: to.Ptr(true),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.LocalUser = armstorage.LocalUser{
	// 	Name: to.Ptr("user1"),
	// 	Type: to.Ptr("Microsoft.Storage/storageAccounts/localUsers"),
	// 	ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/loalUsers/user1"),
	// 	Properties: &armstorage.LocalUserProperties{
	// 		AllowACLAuthorization: to.Ptr(true),
	// 		ExtendedGroups: []*int32{
	// 			to.Ptr[int32](1001),
	// 			to.Ptr[int32](1005),
	// 			to.Ptr[int32](2005)},
	// 			GroupID: to.Ptr[int32](2000),
	// 			HomeDirectory: to.Ptr("homedirectory"),
	// 			IsNFSv3Enabled: to.Ptr(true),
	// 			PermissionScopes: []*armstorage.PermissionScope{
	// 				{
	// 					Permissions: to.Ptr("rwd"),
	// 					ResourceName: to.Ptr("share1"),
	// 					Service: to.Ptr("file"),
	// 				},
	// 				{
	// 					Permissions: to.Ptr("rw"),
	// 					ResourceName: to.Ptr("share2"),
	// 					Service: to.Ptr("file"),
	// 			}},
	// 			Sid: to.Ptr("S-1-2-0-125132-153423-36235-1000"),
	// 			SSHAuthorizedKeys: []*armstorage.SSHPublicKey{
	// 				{
	// 					Description: to.Ptr("key name"),
	// 					Key: to.Ptr("ssh-rsa keykeykeykeykey="),
	// 			}},
	// 			UserID: to.Ptr[int32](1000),
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to Create or update the properties of a local user associated with the storage account. Properties for NFSv3 enablement and extended groups cannot be set with other properties.
 *
 * @summary Create or update the properties of a local user associated with the storage account. Properties for NFSv3 enablement and extended groups cannot be set with other properties.
 * x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserCreateNFSv3Enabled.json
 */
async function createNfSv3EnabledLocalUser() {
  const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
  const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res6977";
  const accountName = "sto2527";
  const username = "user1";
  const properties = {
    extendedGroups: [1001, 1005, 2005],
    isNFSv3Enabled: true,
  };
  const credential = new DefaultAzureCredential();
  const client = new StorageManagementClient(credential, subscriptionId);
  const result = await client.localUsersOperations.createOrUpdate(
    resourceGroupName,
    accountName,
    username,
    properties,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;

// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserCreateNFSv3Enabled.json
// this example is just showing the usage of "LocalUsers_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://free.blessedness.top/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this StorageAccountLocalUserResource created on azure
// for more information of creating StorageAccountLocalUserResource, please refer to the document of StorageAccountLocalUserResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res6977";
string accountName = "sto2527";
string username = "user1";
ResourceIdentifier storageAccountLocalUserResourceId = StorageAccountLocalUserResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName, username);
StorageAccountLocalUserResource storageAccountLocalUser = client.GetStorageAccountLocalUserResource(storageAccountLocalUserResourceId);

// invoke the operation
StorageAccountLocalUserData data = new StorageAccountLocalUserData
{
    ExtendedGroups = { 1001, 1005, 2005 },
    IsNfsV3Enabled = true,
};
ArmOperation<StorageAccountLocalUserResource> lro = await storageAccountLocalUser.UpdateAsync(WaitUntil.Completed, data);
StorageAccountLocalUserResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountLocalUserData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "id": "/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/loalUsers/user1",
  "name": "user1",
  "type": "Microsoft.Storage/storageAccounts/localUsers",
  "properties": {
    "permissionScopes": [
      {
        "permissions": "rwd",
        "service": "file",
        "resourceName": "share1"
      },
      {
        "permissions": "rw",
        "service": "file",
        "resourceName": "share2"
      }
    ],
    "homeDirectory": "homedirectory",
    "sshAuthorizedKeys": [
      {
        "description": "key name",
        "key": "ssh-rsa keykeykeykeykey="
      }
    ],
    "sid": "S-1-2-0-125132-153423-36235-1000",
    "userId": 1000,
    "groupId": 2000,
    "allowAclAuthorization": true,
    "extendedGroups": [
      1001,
      1005,
      2005
    ],
    "isNFSv3Enabled": true
  }
}

UpdateLocalUser

Sample request

PUT https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/localUsers/user1?api-version=2024-01-01

{
  "properties": {
    "homeDirectory": "homedirectory2",
    "hasSharedKey": false,
    "hasSshPassword": false,
    "hasSshKey": false,
    "groupId": 3000,
    "allowAclAuthorization": false,
    "extendedGroups": [
      1001,
      1005,
      2005
    ],
    "isNFSv3Enabled": true
  }
}


import com.azure.resourcemanager.storage.fluent.models.LocalUserInner;
import java.util.Arrays;

/**
 * Samples for LocalUsersOperation CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserUpdate.json
     */
    /**
     * Sample code: UpdateLocalUser.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void updateLocalUser(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.storageAccounts().manager().serviceClient().getLocalUsersOperations().createOrUpdateWithResponse(
            "res6977", "sto2527", "user1",
            new LocalUserInner().withHomeDirectory("homedirectory2").withHasSharedKey(false).withHasSshKey(false)
                .withHasSshPassword(false).withGroupId(3000).withAllowAclAuthorization(false)
                .withExtendedGroups(Arrays.asList(1001, 1005, 2005)).withIsNFSv3Enabled(true),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.storage import StorageManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-storage
# USAGE
    python local_user_update.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = StorageManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="{subscription-id}",
    )

    response = client.local_users.create_or_update(
        resource_group_name="res6977",
        account_name="sto2527",
        username="user1",
        properties={
            "properties": {
                "allowAclAuthorization": False,
                "extendedGroups": [1001, 1005, 2005],
                "groupId": 3000,
                "hasSharedKey": False,
                "hasSshKey": False,
                "hasSshPassword": False,
                "homeDirectory": "homedirectory2",
                "isNFSv3Enabled": True,
            }
        },
    )
    print(response)


# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserUpdate.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armstorage_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/86c6306649b02e542117adb46c61e8019dbd78e9/specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserUpdate.json
func ExampleLocalUsersClient_CreateOrUpdate_updateLocalUser() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewLocalUsersClient().CreateOrUpdate(ctx, "res6977", "sto2527", "user1", armstorage.LocalUser{
		Properties: &armstorage.LocalUserProperties{
			AllowACLAuthorization: to.Ptr(false),
			ExtendedGroups: []*int32{
				to.Ptr[int32](1001),
				to.Ptr[int32](1005),
				to.Ptr[int32](2005)},
			GroupID:        to.Ptr[int32](3000),
			HasSharedKey:   to.Ptr(false),
			HasSSHKey:      to.Ptr(false),
			HasSSHPassword: to.Ptr(false),
			HomeDirectory:  to.Ptr("homedirectory2"),
			IsNFSv3Enabled: to.Ptr(true),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.LocalUser = armstorage.LocalUser{
	// 	Name: to.Ptr("user1"),
	// 	Type: to.Ptr("Microsoft.Storage/storageAccounts/localUsers"),
	// 	ID: to.Ptr("/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/loalUsers/user1"),
	// 	Properties: &armstorage.LocalUserProperties{
	// 		AllowACLAuthorization: to.Ptr(false),
	// 		ExtendedGroups: []*int32{
	// 			to.Ptr[int32](1001),
	// 			to.Ptr[int32](1005),
	// 			to.Ptr[int32](2005)},
	// 			GroupID: to.Ptr[int32](3000),
	// 			HasSharedKey: to.Ptr(false),
	// 			HasSSHKey: to.Ptr(false),
	// 			HasSSHPassword: to.Ptr(false),
	// 			HomeDirectory: to.Ptr("homedirectory2"),
	// 			IsNFSv3Enabled: to.Ptr(true),
	// 			Sid: to.Ptr("S-1-2-0-3528686663-1788730862-2791910117-1000"),
	// 			UserID: to.Ptr[int32](1000),
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to Create or update the properties of a local user associated with the storage account. Properties for NFSv3 enablement and extended groups cannot be set with other properties.
 *
 * @summary Create or update the properties of a local user associated with the storage account. Properties for NFSv3 enablement and extended groups cannot be set with other properties.
 * x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserUpdate.json
 */
async function updateLocalUser() {
  const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
  const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res6977";
  const accountName = "sto2527";
  const username = "user1";
  const properties = {
    allowAclAuthorization: false,
    extendedGroups: [1001, 1005, 2005],
    groupId: 3000,
    hasSharedKey: false,
    hasSshKey: false,
    hasSshPassword: false,
    homeDirectory: "homedirectory2",
    isNFSv3Enabled: true,
  };
  const credential = new DefaultAzureCredential();
  const client = new StorageManagementClient(credential, subscriptionId);
  const result = await client.localUsersOperations.createOrUpdate(
    resourceGroupName,
    accountName,
    username,
    properties,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Storage.Models;
using Azure.ResourceManager.Storage;

// Generated from example definition: specification/storage/resource-manager/Microsoft.Storage/stable/2024-01-01/examples/LocalUserUpdate.json
// this example is just showing the usage of "LocalUsers_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://free.blessedness.top/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this StorageAccountLocalUserResource created on azure
// for more information of creating StorageAccountLocalUserResource, please refer to the document of StorageAccountLocalUserResource
string subscriptionId = "{subscription-id}";
string resourceGroupName = "res6977";
string accountName = "sto2527";
string username = "user1";
ResourceIdentifier storageAccountLocalUserResourceId = StorageAccountLocalUserResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName, username);
StorageAccountLocalUserResource storageAccountLocalUser = client.GetStorageAccountLocalUserResource(storageAccountLocalUserResourceId);

// invoke the operation
StorageAccountLocalUserData data = new StorageAccountLocalUserData
{
    HomeDirectory = "homedirectory2",
    HasSharedKey = false,
    HasSshKey = false,
    HasSshPassword = false,
    GroupId = 3000,
    IsAclAuthorizationAllowed = false,
    ExtendedGroups = { 1001, 1005, 2005 },
    IsNfsV3Enabled = true,
};
ArmOperation<StorageAccountLocalUserResource> lro = await storageAccountLocalUser.UpdateAsync(WaitUntil.Completed, data);
StorageAccountLocalUserResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
StorageAccountLocalUserData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "id": "/subscriptions/{subscription-id}/resourceGroups/res6977/providers/Microsoft.Storage/storageAccounts/sto2527/loalUsers/user1",
  "name": "user1",
  "type": "Microsoft.Storage/storageAccounts/localUsers",
  "properties": {
    "homeDirectory": "homedirectory2",
    "sid": "S-1-2-0-3528686663-1788730862-2791910117-1000",
    "hasSharedKey": false,
    "hasSshPassword": false,
    "hasSshKey": false,
    "userId": 1000,
    "groupId": 3000,
    "allowAclAuthorization": false,
    "extendedGroups": [
      1001,
      1005,
      2005
    ],
    "isNFSv3Enabled": true
  }
}

Definitions

Name	Description
createdByType	The type of identity that created the resource.
ErrorResponse	An error response from the storage resource provider.
ErrorResponseBody	Error response body contract.
LocalUser	The local user associated with the storage accounts.
PermissionScope
SshPublicKey
systemData	Metadata pertaining to creation and last modification of the resource.

createdByType

Enumeration

The type of identity that created the resource.

Value	Description
User
Application
ManagedIdentity
Key

ErrorResponse

Object

An error response from the storage resource provider.

Name	Type	Description
error	ErrorResponseBody	Azure Storage Resource Provider error response body.

ErrorResponseBody

Object

Error response body contract.

Name	Type	Description
code	string	An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
message	string	A message describing the error, intended to be suitable for display in a user interface.

LocalUser

Object

The local user associated with the storage accounts.

Name	Type	Description
id	string	Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
name	string	The name of the resource
properties.allowAclAuthorization	boolean	Indicates whether ACL authorization is allowed for this user. Set it to false to disallow using ACL authorization.
properties.extendedGroups	integer[] (int32)	Supplementary group membership. Only applicable for local users enabled for NFSv3 access.
properties.groupId	integer (int32)	An identifier for associating a group of users.
properties.hasSharedKey	boolean	Indicates whether shared key exists. Set it to false to remove existing shared key.
properties.hasSshKey	boolean	Indicates whether ssh key exists. Set it to false to remove existing SSH key.
properties.hasSshPassword	boolean	Indicates whether ssh password exists. Set it to false to remove existing SSH password.
properties.homeDirectory	string	Optional, local user home directory.
properties.isNFSv3Enabled	boolean	Indicates if the local user is enabled for access with NFSv3 protocol.
properties.permissionScopes	PermissionScope[]	The permission scopes of the local user.
properties.sid	string	A unique Security Identifier that is generated by the server.
properties.sshAuthorizedKeys	SshPublicKey[]	Optional, local user ssh authorized keys for SFTP.
properties.userId	integer (int32)	A unique Identifier that is generated by the server.
systemData	systemData	Metadata pertaining to creation and last modification of the resource.
type	string	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

PermissionScope

Object

Name	Type	Description
permissions	string	The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), Create (c), Modify Ownership (o), and Modify Permissions (p).
resourceName	string	The name of resource, normally the container name or the file share name, used by the local user.
service	string	The service used by the local user, e.g. blob, file.

SshPublicKey

Object

Name	Type	Description
description	string	Optional. It is used to store the function/usage of the key
key	string	Ssh public key base64 encoded. The format should be: '<keyType> <keyData>', e.g. ssh-rsa AAAABBBB

systemData

Object

Metadata pertaining to creation and last modification of the resource.

Name	Type	Description
createdAt	string (date-time)	The timestamp of resource creation (UTC).
createdBy	string	The identity that created the resource.
createdByType	createdByType	The type of identity that created the resource.
lastModifiedAt	string (date-time)	The timestamp of resource last modification (UTC)
lastModifiedBy	string	The identity that last modified the resource.
lastModifiedByType	createdByType	The type of identity that last modified the resource.

Share via

Local Users - Create Or Update

URI Parameters

Request Body

Responses

Security

azure_auth

Scopes

Examples

CreateLocalUser

Sample request

Sample response

CreateNFSv3EnabledLocalUser

Sample request

Sample response

UpdateLocalUser

Sample request

Sample response

Definitions

createdByType

ErrorResponse

ErrorResponseBody

LocalUser

PermissionScope

SshPublicKey

systemData