You have a Microsoft Entra tenant containing an Azure Data Lake Storage Gen2 account named 'storage1'. The account has two containers: 'fs1' and 'fs2'. A Microsoft Entra group named 'DepartmentA' must be configured with the following requirements:

• The group must have read, write, and list permissions for all files in container 'fs1'.

• The group must have no access to any files in container 'fs2'.

• The principle of least privilege must be applied.

Which role should you assign to the 'DepartmentA' group?