ADLS Gen 2 SAS Token for Directories

  • Question

  • Hi Team,

    Is it possible to create a SAS token for a specific folder in the ADLS Gen 2 storage account? Can this be done via the portal or via scripts?

    Thanks

    Monday, May 18, 2020 12:13 PM

Answers

  • Hi KamaleshKannan1,

    Sorry for the late response. You can associate a security principal with an access level to your directories and files from your application. (Note: ACLs apply only to security principals in the same tenant)

    Please refer to this doc to Set directory level permissions by using access control lists

    If you are granting permissions by using only ACLs (no RBAC), then to grant a security principal read or write access to a folder, you'll need to give the security principal Execute permissions to the container, and to each folder in the hierarchy of folders that lead to the desired folder/file.

    Below are a few sample scenarios related to permissions:




    Here is a helpful blog on how to use a Service principal: How to make REST API call for ADLS Gen2 storage via a Service Principal


    Hope this helps. 


    Thank you

    If a post helps to resolve your issue, please click the "Mark as Answer" of that post and/or click Answered "Vote as helpful" button of that post. By marking a post as Answered and/or Helpful, you help others find the answer faster.

    Friday, May 22, 2020 12:00 AM
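
The traversal rule described in the answer above (Execute on the container and on every folder leading to the target), as an added example that is not part of the original thread. It is a simplified model that assumes ACL-only access and checks only named-user entries; the path `/raw/app1/incoming`, the object ID and all function names are constructed for illustration.

```python
# Added example: simplified model of ADLS Gen2 ACL evaluation (ACL-only, no RBAC).
# Assumption: only named-user entries are checked; owner, group, other and mask are ignored.

# Permissions needed on the final path component, per operation.
NEEDED_ON_TARGET = {
    "list": "r-x",         # enumerate a directory
    "create_file": "-wx",  # upload a new file into a directory
    "read_file": "r--",    # read an existing file
}

def split_path(path):
    return [p for p in path.split("/") if p]

def ancestors(path):
    """Container root '/', then every parent directory of path, top-down."""
    parts = split_path(path)
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]

def has(granted, needed):
    """True if every bit set in needed (e.g. '-wx') is also set in granted."""
    return len(granted) == 3 and all(n == "-" or n == g for g, n in zip(granted, needed))

def plan_acl(principal_id, target, operation):
    """Minimal ACL entry per path: Execute on each ancestor, operation bits on target."""
    plan = {p: f"user:{principal_id}:--x" for p in ancestors(target)}
    plan["/" + "/".join(split_path(target))] = f"user:{principal_id}:{NEEDED_ON_TARGET[operation]}"
    return plan

def granted_perms(acls, principal_id, path):
    """Look up the named-user entry for principal_id in a comma-separated ACL string."""
    for entry in acls.get(path, "").split(","):
        fields = entry.split(":")
        if len(fields) == 3 and fields[0] == "user" and fields[1] == principal_id:
            return fields[2]
    return "---"

def check_access(acls, principal_id, target, operation):
    """Return (allowed, first path whose ACL blocks the operation)."""
    for path, entry in plan_acl(principal_id, target, operation).items():
        if not has(granted_perms(acls, principal_id, path), entry.rsplit(":", 1)[1]):
            return False, path
    return True, None

if __name__ == "__main__":
    oid = "00000000-0000-0000-0000-000000000001"  # constructed object ID
    acls = plan_acl(oid, "/raw/app1/incoming", "create_file")
    for path, entry in acls.items():
        print(path, entry)
    del acls["/raw/app1"]  # an intermediate folder without Execute
    print(check_access(acls, oid, "/raw/app1/incoming", "create_file"))
```

The second check shows the failure mode: write access on the target folder is not enough when any folder above it lacks the Execute entry.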

All replies

  • Hi KamaleshKannan1

    Thanks for your query. Unfortunately, it is not possible to create a SAS token for a specific folder in an ADLS Gen2 storage account. But you can leverage Access Control Lists to grant permission to a specific file or directory.

    For more details about ACLs please refer to this doc: Access control lists on files and directories in ADLS Gen2

    If you have any feedback/suggestion regarding ADLS Gen2, please feel free to share your thoughts in user voice forum: https://feedback.azure.com/forums/217298-storage 

    Hope this helps.

    Thank you

    Monday, May 18, 2020 7:35 PM
  • Thanks for your reply KranthiPakala-MSFT. I have a follow up question:

    I would like an application to load some files in a specific directory. In this use case, I thought a SAS token for a particular directory would be effective. If not, how would you suggest this?

    Regards


    Tuesday, May 19, 2020 9:45 AM
  • Thanks for the reference KranthiPakala-MSFT
    Tuesday, May 26, 2020 10:38 AM