Tags: azure, powershell, acl, azure-data-lake-gen2, azure-storage-account

How to write a PowerShell script which exports ACL permissions from all the containers of all Gen2 Storage accounts in a subscription?


We have multiple subscriptions with dozens of resource groups, and each RG contains a Gen2 storage account. We need to export ACL permissions from all the containers and all the subfolders in each Gen2 storage account. I have written one script which gives me the ACL permissions of only the parent folder, not the sub-folders. Any suggestions to export ACL permissions of sub-folders as well?

    Connect-AzAccount

    $storageAccounts = Get-AzStorageAccount

    $results = foreach ($storageAccount in $storageAccounts) {
        $containers = Get-AzStorageContainer -Context $storageAccount.Context

        foreach ($container in $containers) {
            # Without -Path this returns only the root directory of the container
            $filesystem = Get-AzDataLakeGen2Item -Context $storageAccount.Context -FileSystem $container.Name
            $s = $storageAccount.storageaccountname
            $r = $storageAccount.ResourceGroupName
            $filesystemname = $container.Name
            $aclpermission = $filesystem.ACL.Permissions -join ","
            $aclaccesscontroltype = $filesystem.ACL.AccessControlType -join ","

            [PSCustomObject]@{
                StorageAccountName = $s
                ResourceGroupName = $r
                ContainerName = $filesystemname
                ACLpermission = $aclpermission
                ACLaccesscontroltype = $aclaccesscontroltype
            }
        }
    }

    $results | Export-Csv -Path "output.csv" -NoTypeInformation

Solution

  • How to write a PowerShell script that exports ACL permissions from all the containers of all Gen2 Storage accounts in subscription? Any suggestions to export ACL permissions of sub-folders as well?

    You can use the below PowerShell script to export ACL permissions of Container and subfolders.

    Script:

    Connect-AzAccount
    
    $storageAccounts = Get-AzStorageAccount 
    
    $results = foreach ($storageAccount in $storageAccounts) {
        $containers = Get-AzStorageContainer -Context $storageAccount.Context
        foreach ($container in $containers) {
            $filesystem = Get-AzDataLakeGen2Item -Context $storageAccount.Context -FileSystem $container.Name
            $subfolders = Get-AzDataLakeGen2ChildItem -Context $storageAccount.Context -FileSystem $container.Name -Path "/"
            foreach ($subfolder in $subfolders) {
                $subfolderitem = Get-AzDataLakeGen2Item -Context $storageAccount.Context -FileSystem $container.Name -Path $subfolder.Name
                $s = $storageAccount.storageaccountname
                $r = $storageAccount.ResourceGroupName
                $filesystemname = $container.Name
                $subfoldername = $subfolder.Name
                $aclpermission = $filesystem.ACL.Permissions -join ","
                $subfolderaclpermission = $subfolderitem.ACL.Permissions -join ","
                $aclaccesscontroltype = $filesystem.ACL.AccessControlType -join ","
                $subfolderaccesscontroltype = $subfolderitem.ACL.AccessControlType -join ","
        
                [PSCustomObject]@{
                    StorageAccountName = $s
                    ResourceGroupName = $r 
                    ContainerName = $filesystemname
                    Subfoldername = $subfoldername
                    ACLpermission = $aclpermission
                    ACLaccesscontroltype = $aclaccesscontroltype
                    SubfolderACLpermission = $subfolderaclpermission
                    SubfolderaccessControlType = $subfolderaccesscontroltype
                }
            }
        }
    }
    
    $results | Export-Csv -Path "output.csv" -NoTypeInformation
    

    The above PowerShell script retrieves information about Azure Data Lake Gen2 items and exports the results to a CSV file. It iterates through each storage account, container, and subfolder, and retrieves the ACL information for each item. Finally, it creates a custom object that contains the relevant information and exports it to a CSV file.

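Extending the answer's approach to every nesting level and every subscription, as an added example that is not part of the original answer: it writes one row per ACL entry (scope, type, entity ID, permissions) and warns about accounts it could not read, so gaps in the audit are visible. It assumes the `-Recurse` and `-FetchProperty` switches of `Get-AzDataLakeGen2ChildItem` in the Az.Storage module; the helper name `ConvertTo-AclRow` and the output file name are illustrative.

```powershell
# Added example, not the answer's script. Helper name and output path are illustrative.
Connect-AzAccount

# Emit one row per ACL entry so each principal can be filtered on its own.
function ConvertTo-AclRow($Subscription, $Account, $FileSystem, $Item) {
    foreach ($ace in $Item.ACL) {
        [PSCustomObject]@{
            Subscription       = $Subscription.Name
            StorageAccountName = $Account.StorageAccountName
            ResourceGroupName  = $Account.ResourceGroupName
            ContainerName      = $FileSystem
            Path               = $Item.Path
            DefaultScope       = $ace.DefaultScope      # True for default entries applied to new child items
            AccessControlType  = $ace.AccessControlType # User, Group, Mask or Other
            EntityId           = $ace.EntityId          # empty for owner, owning group, mask and other
            Permissions        = $ace.Permissions
        }
    }
}

$results = foreach ($sub in Get-AzSubscription) {
    Set-AzContext -Subscription $sub.Id | Out-Null
    foreach ($account in Get-AzStorageAccount) {
        # The Data Lake Gen2 cmdlets need hierarchical namespace; skip other accounts.
        if (-not $account.EnableHierarchicalNamespace) { continue }
        $ctx = $account.Context
        try {
            foreach ($container in Get-AzStorageContainer -Context $ctx -ErrorAction Stop) {
                $fs = $container.Name
                # Root directory of the container (no -Path).
                $root = Get-AzDataLakeGen2Item -Context $ctx -FileSystem $fs -ErrorAction Stop
                ConvertTo-AclRow $sub $account $fs $root
                # -Recurse walks every level; -FetchProperty fills in the ACL of each item.
                Get-AzDataLakeGen2ChildItem -Context $ctx -FileSystem $fs -Recurse -FetchProperty -ErrorAction Stop |
                    Where-Object IsDirectory |
                    ForEach-Object { ConvertTo-AclRow $sub $account $fs $_ }
            }
        }
        catch {
            # Record accounts that could not be read so gaps in the export are visible.
            Write-Warning "Skipped $($account.StorageAccountName): $($_.Exception.Message)"
        }
    }
}

$results | Export-Csv -Path "acl-export.csv" -NoTypeInformation
```

Removing the `Where-Object IsDirectory` filter includes files as well as folders in the export.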