![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 55.00000000000001%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,471 questions
Hello Manoj,
Thank you for your question!
I understand that you've configured container volumes in your Azure Container Apps Environment to mount both a storage account (presumably for Blob storage) and a file share. You've also assigned the SMB contributor role to the Container App's managed identity. However, you're still facing access issues with the file share
Issue with the file share
Go to your Azure File Share in the Azure portal, navigate to "Access control (IAM)", and see if your Container App's managed identity is listed with the "Storage File Data SMB Share Contributor" role assigned specifically to this file share. If not Double-check where you assigned the "Storage File Data SMB Share Contributor" role to the Container App's managed identity. It needs to be assigned at the File Share level or a parent level (like the Storage Account) with appropriate inheritance. Assigning it at the Storage Account level might not automatically grant access to individual file shares unless inheritance is enabled. Post which If you can get a shell into your running container instance, try to list the contents of the mounted directory to see if the mount is successful and if permissions are the issue.
- Ensure the volume mount configuration in your Container App is correctly pointing to the
apifile share. Verify the server path and share name are accurate. - For Azure File Shares, the server path typically looks like
\\<storage_account_name>.file.core.windows.net\<share_name>. - The mount path within your container needs to be correctly specified in your Container App's deployment configuration.
SMB contributor role
Firstly, Verify the system-assigned status or the correct user-assigned identity is associated with your Container App in the Azure portal. Note its Principal ID. Ensure the firewall settings on your Storage Account are not blocking access from your Container App Environment's network. If you have VNet integration, check the NSGs associated with your Container App Environment's subnet and the Storage Account's network settings to ensure SMB traffic (port 445) is allowed.
Hope the above answer helps! Please let us know do you have any further queries.
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.