locked
Restrict access blob RRS feed

  • Question

  • Hello, we have a storage with 3 blobs:

    Blob1

    Blob2

    Blob3

    We need 3 access (keys) in which every key has only access to a specific Blob:

    key1: access only Blob1

    key2: access only Blob2

    key3: access only Blob3

    Is that possible? I only see the way to generate SAS token related with the storage account, not with specific blob

    Wednesday, February 5, 2020 4:06 PM

All replies

  • You can create a blob-specific SAS key - as a matter of fact, this option is available directly in the Azure portal (SAS tab on the blob properties)
    hth
    Marcin

    Wednesday, February 5, 2020 4:10 PM
  • Inside the blob I only see:

    IAM

    Access Policy

    Properties

    Metadata

    SAS tab is only in the container's menu

    Wednesday, February 5, 2020 4:18 PM
  • Hi Daniel,

    Are you using General purpose v2 account?

    There is the "Generate SAS" tab on the blade displaying properties of individual blobs.

    Alternatively, you can use REST API or PowerShell/CLI for it

    https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-user-delegation-sas-create-powershell

    hth
    Marcin


    Wednesday, February 5, 2020 4:22 PM
  • You could browse to the blob itself, then right click on it, choose the option to Generate SAS, note, you will have to set an expiration and start time for which the key is going to be valid for:

    Wednesday, February 5, 2020 5:29 PM
  • Thanks Adam but what you say is over an specific object, I would like over the all folder.

    And also that the key /token never expired.

    Thursday, February 6, 2020 8:20 AM
  • Hi Daniel,

    your original post stated:

    "We need 3 access (keys) in which every key has only access to a specific Blob"

    Now you are stating:

    "I would like over the all folder"

    Which one is it?

    You can use SAS key on the blob, container, and account level

    hth
    Marcin

    Thursday, February 6, 2020 11:50 AM
  • Sorry about it.

    When I said "I would like over the all folder" is about the specific folder inside the blob (and applied to all the files who belongs to that folder)

    Thursday, February 6, 2020 12:04 PM
  • It's not clear to me what you mean by "the specific folder inside the blob".

    Blob is the atomic unit of permissioning in this case - blobs, by definition, do not represent structured storage (i.e. there is no specific format/structure applicable to the content of the blob

    hth
    Marcin

    Thursday, February 6, 2020 12:31 PM
  • Hi Daniel, That's correct it's still not supported yet, I'd recommend providing feedback here: https://feedback.azure.com/forums/217298-storage 
    Let me know if this helps.
    Friday, February 7, 2020 6:34 PM
  • @Daniel Martinez Rubio Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Monday, February 10, 2020 6:00 PM
  • @Daniel Martinez Rubio Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Tuesday, February 18, 2020 7:01 AM
  • Daniel Martinez Rubio Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Monday, February 24, 2020 7:14 PM
  • Daniel Martinez Rubio Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Thursday, February 27, 2020 8:48 AM