Don't want GOOGLE to see the photos or files that come on Azure blob RRS feed

  • Question

  • 1: You only have to create, delete and view the pictures. However, Google or others should not only access them at all.

    2. You only have to create, delete and view files that the company creates for the company.
    Sunday, July 14, 2019 10:09 PM


All replies

  • @Jesper Petersen May I know what exactly are you trying to perform (Can you bit elaborate more on the issue)?

    You may check RBAC to Blob Storage. You can customize the policies.


    Azure Active Directory (Azure AD) and Role-Based Access Control (RBAC) are supported for Azure Storage for both resource management operations and data operations, as follows:

    You can assign RBAC roles scoped to the storage account to security principals and use Azure AD to authorize resource management operations such as key management.

    Azure AD integration is supported for blob and queue data operations. You can assign RBAC roles scoped to a subscription, resource group, storage account, or an individual container or queue to a security principal or a managed identity for Azure resources. For more information, see Authenticate access to Azure Storage using Azure Active Directory.

    For more detailed information refer to Azure Storage security guide

    Kindly let us know if the above helps or you need further assistance on this issue.

    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members

    Monday, July 15, 2019 5:06 AM
  • What I want to do is to:

    The pictures must in no way be accessible to Google, as you should not only see the pictures that are on the website of the employees you have employed in the company.

    Thus, the files to upload. It can be files that employees in the single company must have access to. It can be some important files from the employee of the single company that only read them and open them while using them.

    Both of the two points I do not want google have access to them.

    As it is right now you have to be logged in to the page and have a specific rank from the mssql database to only see pictures of the employee. The URL to which the image is not in the database. Only the name of the image is in the database.

    Thus, the files that the company upload will only be the employee and owner of the company with a specific rank having access.

    There can be many companies that have many employees and there can also be many employees who have added to several companies.
    Monday, July 15, 2019 5:54 PM
  • Three types of Public Access level: (Access from the internet, including the web search you mentioned)
    Will not be visible by anyone besides the storage account owner.
    Blob(Anonymous read access for blobs only):
    This allows anonymous(unauthenticated) access to blobs
    Container(Anonymous read access for containers and blobs):
    This allows anonymous(unauthenticated) access to blobs and containers.

    Best way for your scenario:
    Since you want to have specific users to access specific blobs, you should look at methods of Authentication to blobs:
    There are three ways: Using Account key and name(if an individual has them they can access all files)

    Azure AD authentication:
    You can choose what specific users can access what specific objects.

    The shared access signature allows customers to access specific objects within a specific time frame(Expires after a definite time)
    You can fine more information on all the above 
     here: https://docs.microsoft.com/en-us/rest/api/storageservices/authorization-for-the-azure-storage-services

    Monday, July 15, 2019 10:59 PM
  • For me, it seems completely gone in a way ... (Enough of all that is new to me to look at it ..)

    That is to say, I have to sit every time there is a customer who has bought access to the page and create them myself?

    Can't I make a key or look like just that they just read it? but they can only read it if you have the unique key to it?
    Tuesday, July 16, 2019 12:02 AM
  • The more I read myself to it, etc. Then I find that Azure must have email or look like my customer and then you have to approve it?
    Is there really no easier way that the customer just wants to access it because I would rather not have it to be such that they have to approve etc .. It just has to be that Google or others cannot see them.
    Tuesday, July 16, 2019 1:09 AM
  • You can generate custom SAS keys, which you can set custom access: Either provide Read, Write access etc.. then you can send the customer the specific blob link(includes the sas signature), all the customer needs to do would be to click on the link you give them and they will access the blob(image or file or anything...) you can find more about it here: https://azure.microsoft.com/en-us/resources/samples/storage-dotnet-sas-getting-started/
    Tuesday, July 16, 2019 5:41 PM
  • Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Monday, July 22, 2019 4:38 AM
  •  @Jesper Petersen Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    Wednesday, July 24, 2019 8:08 AM