 

What is difference between Account Vs Service SAS in Azure [closed]

I am new to Azure and learning the technologies in Azure.

Storage Account Authentications: Storage Access Keys, Shared Access Signature (SAS)

In SAS, I see there are 2 types for SAS such as Account and Service SAS.

I have generated a SAS token in the Azure Portal. Refer here: [image]

How can I use the SAS token, Blob service SAS URL, File service SAS URL, Table service SAS URL, Queue service SAS URL?

I am not able to understand where I can find, or how I generate or use, Account and Service SAS from the above screenshot.

Kindly provide me an example to understand it.

Galet asked Jan 17 '17 13:01


People also ask

Why would you want to use SAS instead of just giving a storage account key?

When to use a shared access signature. Use a SAS to give secure access to resources in your storage account to any client who does not otherwise have permissions to those resources. A common scenario where a SAS is useful is a service where users read and write their own data to your storage account.

What is SAS in Azure storage?

A shared access signature (SAS) is a URI that grants restricted access rights to Azure Storage resources. You can provide a shared access signature to clients who shouldn't be trusted with your storage account key but who need access to certain storage account resources.

What happens when you generate a SAS for an individual blob?

A shared access signature (SAS) enables you to grant limited access to containers and blobs in your storage account. When you create a SAS, you specify its constraints, including which Azure Storage resources a client is allowed to access, what permissions they have on those resources, and how long the SAS is valid.

What is SAS policy in Azure?

A Shared Access Signature provides a way to grant access to Azure storage resources at a granular, controlled level without having to share the storage account key. An Ad-hoc SAS enables all the attributes to be defined at time of creation, for example the expiry time and the rights.


1 Answer

Azure storage accounts come in two flavors: standard accounts, which provide access to Azure Storage services such as tables, queues, files, blobs, and disks; and blob storage accounts, which are optimized for blob storage. But whichever account type you choose, a master key is used to grant administrative access.

But if you want to grant limited or temporary access, giving away your storage account key isn’t the best idea. To solve this problem, Azure uses Shared Access Signatures (SAS) for safely delegating access to objects in storage. A Shared Access Signature is a Uniform Resource Identifier (URI) that includes all the information about the resources to which you want to grant access, and relevant permissions in the form of a token.

For more SAS use cases, please refer to this link.

As @Gaurav Mantri said, you could also learn from the link.

You could get a SAS from the Azure Portal.


Update:

Beginning with version 2015-04-05, Azure Storage supports two types of shared access signatures (SAS):

A service-level SAS, described in this topic. The service SAS delegates access to a resource in just one of the storage services: the Blob, Queue, Table, or File service.

An account-level SAS, introduced with version 2015-04-05. The account SAS delegates access to resources in one or more of the storage services. All of the operations available via a service SAS are also available via an account SAS.

For more information, please refer to this link.

@Karan

For an Account level SAS, click all the allowed services & resource types. It is up to you to decide what permissions they have and when you want the SAS to work and expire.

To create a Service Level SAS you would just deselect the Allowed Services you don't want. For instance, if I wanted to create a Blob Service SAS I would just select Blob.

To understand the difference using the token you have generated, simply try accessing/updating something which you have NOT allowed in your SAS token [allow everything (Account SAS) vs. allow only one (Service SAS) service & resource].

Shui shengbao answered Sep 16 '22 16:09
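To make the account vs. service distinction in the answer above concrete, the following added example (not part of the original post or of any Azure SDK) inspects a SAS token's query parameters and reports which kind it is and how broad its grant is. It assumes the expiry is written in the `YYYY-MM-DDThh:mm:ssZ` form; the tokens, the `example` account name, the 7-day threshold and the `sig` values are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

SERVICES = {"b": "Blob", "q": "Queue", "t": "Table", "f": "File"}
MAX_LIFETIME = timedelta(days=7)  # assumed review threshold, not an Azure limit


def describe_sas(token_or_url, now=None):
    """Classify a SAS as account- or service-level and flag broad settings."""
    now = now or datetime.now(timezone.utc)
    query = urlsplit(token_or_url).query if "://" in token_or_url else token_or_url.lstrip("?")
    p = {k: v[0] for k, v in parse_qs(query).items()}
    missing = [k for k in ("sig", "sp", "se") if k not in p]
    if missing:
        raise ValueError(f"not a SAS token, missing: {missing}")
    # Account SAS: carries ss (signed services) and srt (signed resource types).
    # Service SAS: scoped to one service, so it has neither field.
    is_account = "ss" in p and "srt" in p
    # Assumes the expiry is written as UTC with seconds, e.g. 2017-01-18T13:00:00Z.
    expiry = datetime.strptime(p["se"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    services = [SERVICES[c] for c in p.get("ss", "") if c in SERVICES]
    findings = []
    if expiry <= now:
        findings.append("expired")
    elif expiry - now > MAX_LIFETIME:
        findings.append("long lifetime")
    # When spr is omitted, the default is to allow both HTTPS and HTTP.
    if p.get("spr", "https,http") != "https":
        findings.append("plain HTTP allowed")
    if is_account and len(services) == len(SERVICES):
        findings.append("all services delegated")
    return {"type": "account" if is_account else "service", "services": services,
            "permissions": p["sp"], "expiry": expiry, "findings": findings}


# Constructed samples; the sig values are placeholders, not real signatures.
ACCOUNT_SAS = ("?sv=2015-04-05&ss=bfqt&srt=sco&sp=rwdlacup"
               "&se=2017-02-17T21:00:00Z&spr=https,http&sig=PLACEHOLDER")
SERVICE_SAS_URL = ("https://example.blob.core.windows.net/docs/report.txt"
                   "?sv=2015-04-05&sr=b&sp=r&se=2017-01-18T13:00:00Z&spr=https&sig=PLACEHOLDER")

if __name__ == "__main__":
    for sample in (ACCOUNT_SAS, SERVICE_SAS_URL):
        print(describe_sas(sample))
```

A token with `ss` and `srt` is an account SAS and can reach every service listed in `ss`; a token without them is a service SAS tied to the one service whose endpoint it is used against.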