Connect my Azure AD to storage account to assign roles to the user so that I can limit the access to the users for the particular resource that is storage account

  • Question

  • From  @Nikhil__Reddy_Via Twitter to @AzureSupport

    Question: can we link Azure AD to storage account and get logs (write/delete operations) of users in storage account? Pls let me know how if we can.

    @Nikhil__Reddy_
    Just to confirm, you want the log files for your user's activity on Azure Storage and you want this through Azure AD?

    Hi,

    Actually we are trying to get logs in our storage account. As it is critical data, we need to monitor the user operations in the storage like read, write and delete operations, so we need to find the solution for this. We are seeking help in resolving the issue.
    We want the users' activity in the storage account, like at what time the user authenticated the storage file and what action he performed on that storage account - And in the case of the Oracle server:
    We have an Oracle database on SaaS and we need to build an instance in Azure cloud so that our client can globally access our application built in cloud.
    And we want to sync both Oracle on-prem and cloud instances. Can you assist us in this deployment?

    AZURESUPPORT

       We found some documentation that may help with  your oracle query:

    aka.ms/f_35H24zru In regards to your storage question, can you please create a forum post using the link provided previously. ^BG

       Yeah I'm trying to create a forum

       Hi may I know how to take database as a service in Azure

     AZURESUPPORT

       We're here to help. Could you provide us with more details on what you are looking to deploy?  ^DY

     We need a database as a service in azure

     AZURESUPPORT

       Please review this document and let us know if you need additional resources:

    aka.ms/d_QlMcsXTi ^SN

    we link Azure AD to storage if yes how can we link them

    Can we link AD to storage in Azure? If yes, how can we link them both @azuread

     If it is possible let me know how to set it up, and if possible send some screenshots for reference; it will be an added help for me

     Here's some documentation that may help: aka.ms/d_by2uwswf ^JI

     What role should I choose to give only read access to a user in my Azure Active Directory to an Azure storage account, and what role should I choose to give both read and write access but not delete access?

    Yes it's ok but there is an issue: when I choose reader as a role he is not able to look into files in the storage account

    And if I choose storage account contributor as a role he is able to delete the files in the storage account

     What I need is two roles, in which one should have permission to read the files in storage and another role which has both read and write but not delete access

     Can you provide a doc on calculation of DTUs for database as a service

     We have installed the application and it's running in the server. Will it be automatically stopped after a certain time or do we have to terminate it?

     Actually it just loads the word pad to type the post, so I am unable to create a forum post

      I can type anything in the body it's just loading and so I am unable to do it

      Yes I am doing it in desktop as well as mobile

     AZURESUPPORT

    Understood. We will post on your behalf. First, can you please provide us with your detailed question. ^AB

    Actually I am trying to connect my Azure AD to storage account to assign roles to the user so that I can limit the access to the users for the particular resource that is storage account. The problem is after I assign the role reader to a storage account the user is unable to open the files in the storage; it is giving a notification that there is no access for particular content. If I assign storage contributor as a role, user can read, write and also delete the files in storage account; here comes the problem. What I need is two roles, in which one should have permission only to read the files in storage and another role which has both read and write but not delete access - Can you please help me out in resolving the issue

    Wednesday, October 11, 2017 6:56 AM

All replies


  • Understood. We will post on your behalf. First, can you please provide us with your detailed question. ^AB Actually I am trying to connect my Azure AD to storage account to assign roles to the user so that I can limit the access to the users for the particular resource that is storage account. The problem is after I assign the role reader to a storage account the user is unable to open the files in the storage; it is giving a notification that there is no access for particular content. If I assign storage contributor as a role, user can read, write and also delete the files in storage account; here comes the problem. What I need is two roles, in which one should have permission only to read the files in storage and another role which has both read and write but not delete access - Can you please help me out in resolving the issue

    Although there are different ways of securing access to your Storage Account as described in the Azure Storage Security Guide, the one that best fits your scenario is using Shared Access Signature. This is because RBAC roles aren’t meant to control access at the container level which is what you're looking for.

    -----------------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.


    • Proposed as answer by Md Shihab Wednesday, October 11, 2017 10:42 AM
    Wednesday, October 11, 2017 10:42 AM
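
Added example (not part of the thread and not Microsoft's code): a Python check that a SAS URL grants no more than one of the two access profiles asked for in the question, using the standard SAS query fields `sp`, `se`, `spr` and `sig`. The profile names, the sample account, container and signature values are constructed for illustration.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Hypothetical profile names for the two roles the question asks for.
# Letters are SAS "sp" permissions: r=read, l=list, a=add, c=create,
# w=write, d=delete. Note that w still lets a holder overwrite a blob.
PROFILES = {
    "read-only": set("rl"),
    "read-write-no-delete": set("rlacw"),
}

def _parse_expiry(value):
    """Parse the UTC timestamp forms accepted in the "se" field."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def audit_sas(url, profile, now=None):
    """Return findings for a SAS URL; an empty list means it fits the profile."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = [f"missing field: {f}" for f in ("sp", "se", "sig") if f not in q]
    granted = set(q.get("sp", ""))
    extra = granted - PROFILES[profile]
    if extra:
        findings.append("grants more than profile: " + "".join(sorted(extra)))
    if "sp" in q and "r" not in granted:
        findings.append("no read permission, so files cannot be opened")
    if "se" in q:
        expiry = _parse_expiry(q["se"])
        if expiry is None:
            findings.append("unparseable expiry")
        elif expiry <= now:
            findings.append("token already expired")
    # When spr is absent the service accepts both HTTPS and HTTP.
    if q.get("spr", "https,http") != "https":
        findings.append("plain HTTP allowed (spr is not 'https')")
    return findings

# Constructed sample URLs (account, container and signature are placeholders).
BASE = "https://examplestorage.blob.core.windows.net/reports?sv=2017-04-17&sr=c"
GOOD_RO = BASE + "&sp=rl&se=2017-10-12T09:00:00Z&spr=https&sig=CONSTRUCTED"
BAD_RW = BASE + "&sp=rwdl&se=2017-10-10T09:00:00Z&sig=CONSTRUCTED"

if __name__ == "__main__":
    for url, profile in ((GOOD_RO, "read-only"), (BAD_RW, "read-write-no-delete")):
        print(profile, audit_sas(url, profile) or "OK")
```
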
  • Hi,

    I had gone through the Shared Access Signature and generated the SAS token, but I am unable to open the storage files using the SAS token generated. Pls can u help in this case and help me out in using the SAS service

    Wednesday, October 11, 2017 2:47 PM
  • Could you elaborate more on where exactly you’re facing the issue? Is there any particular error message you get?

    Thursday, October 12, 2017 9:54 AM