Custom Access Policy for Azure Blob RRS feed

  • Question

  • Hello Team,

    Can we create custom Access Policies (Roles) for Azure blob.

    For example: <storageaccount>/<container>/<folderL1>/folderL2 must be given access only to "team1"   


    <storageaccount>/<container>/<folderL1>/folderL3 must be given access only to "team2"

    Currently, we can only IAM roles at storage and identifier access level at folders level but there is no way to combine both. In AWS, we can create custom JSON S3 policy such as: https://awspolicygen.s3.amazonaws.com/policygen.html (Condition Action).

    Wednesday, November 21, 2018 4:19 PM

All replies

  • Hi Abhi,

    can you clarify what folderL1, folderL2, and folderL3 are referring to?


    Wednesday, November 21, 2018 4:41 PM
  • I am assuming Folder1, 2 and 3 is the containers under Blob storage

    Additionally refer following to have an understanding on Container level permission in Azure BlOB

    Thursday, November 22, 2018 5:26 AM
  • Unfortunately we don't offer that specific feature, not a blob access level. ACLs we have for blobs can be modified/added on the container level and not on the blob side(folders in Azure = blobs) "The Blob service is based on a flat storage scheme, not a hierarchical scheme. However, you may specify a character or string delimiter within a blob name to create a virtual hierarchy." in your case"/" is the delimiter.

    The permission that can be given in the blob level is through the Access SAS in your scenario, you would provide "team1" with SAS for folderL2

    and "team2" with SAS for folderL3. Let me know if this helps.

    Wednesday, November 28, 2018 5:42 PM