I am trying to add another user to a directory 'grandfather/', which is in the container 'container1'. I have the owner role and the storage blob contributor role at the subscription and storage account level, and the other user has the same permissions as me on the subscription (owner) and the storage account (blob contributor). I have rwx permissions on the directory 'grandfather/', but I am still not able to add the other user to the 'grandfather/' directory.
Pasting some images to give a clearer understanding.
I am using the script below to add a user to directory-level permissions using the ACL feature in ADLS2. However, I am facing some issues.
$ctx = New-AzStorageContext -StorageAccountName "vdsve"
# Get the origin ACL
$acl = (Get-AzDataLakeGen2Item -Context $ctx -FileSystem "container1" -Path 'grandfather/').ACL
# Update permission of a new ACL entry (if an ACL entry with the same AccessControlType/EntityId/DefaultScope does not exist, a new ACL entry is added; otherwise the permission of the existing ACL entry is updated)
$acl = Set-AzDataLakeGen2ItemAclObject -AccessControlType user -EntityId 5dc9dc7e-359d-4dd0-81b0-5d47c26b4969 -Permission rw- -InputObject $acl
# Set the new ACL on the directory
Update-AzDataLakeGen2Item -Context $ctx -FileSystem "container1" -Path 'grandfather/' -ACL $acl
This request is not authorized to perform this operation using this permission. RequestId:41b245b6-e01f-0012-4379-b130d7000000
| Time:2021-09-24T19:25:19.6219270Z Status: 403 (This request is not authorized to perform this operation using this permission.) ErrorCode:
| AuthorizationPermissionMismatch Headers: Server: Windows-Azure-HDFS/1.0,Microsoft-HTTPAPI/2.0 x-ms-error-code: AuthorizationPermissionMismatch
| x-ms-request-id: 41b245b6-e01f-0012-4379-b130d7000000 x-ms-version: 2020-04-08 x-ms-client-request-id: 0aaa8de1-65bb-4f75-9365-0a5fc3e0feb6 Date: Fri,
| 24 Sep 2021 19:25:19 GMT Content-Length: 227 Content-Type: application/json; charset=utf-8