none
Why the SharedAccessPolicies has number 5 limitations on a single container, queue, or table?

    Question

  • We are intend to use SharedAccessSignature for our customers, but from our investigation it seems we cannot set permissions which owns more than 5 SharedAccessPolicies to the queue, container, or table.

    Here is our sample code:

    private static void Main(string[] args)
    {
        var queue = GetQueue();
        var currentPermissions = queue.GetPermissions();
        Console.WriteLine("Current permissions: {0}", currentPermissions.SharedAccessPolicies.Count);
    
        currentPermissions.SharedAccessPolicies.Add(Guid.NewGuid().ToString(), new SharedAccessQueuePolicy
        {
            Permissions = SharedAccessQueuePermissions.Add,
            SharedAccessExpiryTime = DateTime.UtcNow.AddYears(1)
        });
    
        queue.SetPermissions(currentPermissions);
        Console.WriteLine("After: {0}", queue.GetPermissions().SharedAccessPolicies.Count);
    
        Console.ReadKey();
    }
    
    private static CloudQueue GetQueue()
    {
        var storageAccount = CloudStorageAccount.DevelopmentStorageAccount;
        var queueClient = storageAccount.CreateCloudQueueClient();
        var queue = queueClient.GetQueueReference("abcd");
        queue.CreateIfNotExists();
    
        return queue;
    }

    We would assign a GUID for each customer, used with which the customer can add its client to our Azure Queue permission table. But due to the limitation, only maximum five customers can use our service.

    Here is the exception content:

    Too many '6' shared access policy identifiers provided. Server does not support setting more than '5' on a single container, queue, or table.

    Also, we use tools to reflector the related code, and found the place thrown the exception:

    internal static void WriteSharedAccessIdentifiers<T>(IDictionary<string, T> sharedAccessPolicies, Stream outputStream, Action<T, XmlWriter> writePolicyXml)
    {
      CommonUtility.AssertNotNull("sharedAccessPolicies", (object) sharedAccessPolicies);
      CommonUtility.AssertNotNull("outputStream", (object) outputStream);
      if (sharedAccessPolicies.Count > 5)
      {
    	throw new ArgumentOutOfRangeException("sharedAccessPolicies", string.Format((IFormatProvider) CultureInfo.CurrentCulture, "Too many '{0}' shared access policy identifiers provided. Server does not support setting more than '{1}' on a single container, queue, or table.", new object[2]
    	{
    	  (object) sharedAccessPolicies.Count,
    	  (object) 5
    	}));
      }
      else
      {
    	...
      }
    }

    But we didn't find any official explanation for this fact, can anyone point me some documentation about the limitaiton number 5? And also, we don't know what's the meaning of this limitaiton.

    Thanks very much.

    Tuesday, August 12, 2014 8:30 AM

Answers