How to add a new security principal to access control list of ADLS without modifying existing entries?

[vivuu1989]

its very strange that Microsoft document is not clear about the step to create a new ACL entry in the existing blobs existing directory without modifying any existing ACL entry.

Not understading, how to achieve the below point mentioned in the docs.
https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-acl-cli#:~:text=To%20update%20an%20ACL%2C%20create%20a%20new%20ACL%20object%20with%20the%20ACL%20entry%20that%20you%20want%20to%20update%2C%20and%20then%20use%20that%20object%20in%20update%20ACL%20operation.%20Do%20not%20get%20the%20existing%20ACL%2C%20just%20provide%20ACL%20entries%20to%20be%20updated.

"To update an ACL, create a new ACL object with the ACL entry that you want to update, and then use that object in update ACL operation. Do not get the existing ACL, just provide ACL entries to be updated."
So what I tried is below

az storage fs access set --permissions "user:objctidxxxxxxxxxx:rwx" -p /testdata01blob01directory01/testdatablob01directory01sub01 -f  testdatablob01 --account-name testdata0

I am getting below error, tried with different syntaxes but no luck

(InvalidPermission) The permission value is invalid.
RequestId:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

[yonzhan]

storage

[vivuu1989]

any update?

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.

Issue Details

---

its very strange that Microsoft document is not clear about the step to create a new ACL entry in the existing blobs existing directory without modifying any existing ACL entry.

Not understading, how to achieve the below point mentioned in the docs.
https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-acl-cli#:~:text=To%20update%20an%20ACL%2C%20create%20a%20new%20ACL%20object%20with%20the%20ACL%20entry%20that%20you%20want%20to%20update%2C%20and%20then%20use%20that%20object%20in%20update%20ACL%20operation.%20Do%20not%20get%20the%20existing%20ACL%2C%20just%20provide%20ACL%20entries%20to%20be%20updated.

"To update an ACL, create a new ACL object with the ACL entry that you want to update, and then use that object in update ACL operation. Do not get the existing ACL, just provide ACL entries to be updated."
So what I tried is below

az storage fs access set --permissions "user:objctidxxxxxxxxxx:rwx" -p /testdata01blob01directory01/testdatablob01directory01sub01 -f  testdatablob01 --account-name testdata0

I am getting below error, tried with different syntaxes but no luck

(InvalidPermission) The permission value is invalid.
RequestId:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Author:	vivuu1989
Assignees:	evelyn-ys
Labels:	Storage, Service Attention, customer-reported
Milestone:	Backlog

[yonzhan]

route to service team