I am developing an application that must have write-only access to an Azure Storage Blob container. If I just go with key-based access, the application will be capable of interacting way more than it is supposed to. All I need is Write-Only access permission to the container. In other words, the account used by the application must not expose the ability to read, list, or delete blobs; only write is allowed.
Is there any way to facilitate fine-tuned access using Role Based Access Control, using either built-in roles or Azure AD?
How about using a SAS with the w permission only (sp=w)?
https://learn.microsoft.com/en-us/rest/api/storageservices/Constructing-an-Account-SAS?redirectedfrom=MSDN
- Read (r): Valid for all signed resource types (Service, Container, and Object). Permits read permissions to the specified resource type.
- Write (w): Valid for all signed resource types (Service, Container, and Object). Permits write permissions to the specified resource type.
- Delete (d): Valid for Container and Object resource types, except for queue messages.
- List (l): Valid for Service and Container resource types only.
- Add (a): Valid for the following Object resource types only: queue messages, table entities, and append blobs.
- Create (c): Valid for the following Object resource types only: blobs and files. Users can create new blobs or files, but may not overwrite existing blobs or files.
- Update (u): Valid for the following Object resource types only: queue messages and table entities.
- Process (p): Valid for the following Object resource type only: queue messages.
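As an added example (not part of the answer above), the following builds an account SAS whose `sp` is exactly `w` and includes a small audit helper that rejects any token granting more than the allowed letters, which is the check a reviewer would want before handing such a token to an application. The account name and key are constructed placeholders, and the string-to-sign layout assumed here is the pre-2020-12-06 account-SAS format from the linked docs; note that `w` alone still permits overwriting existing blobs, so `c` (create without overwrite) may be the safer choice when only new blobs should be written.

```python
"""Build a write-only Azure account SAS and audit its permission set (stdlib only)."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed fixtures: not a real storage account or key.
ACCOUNT = "examplestorage"
ACCOUNT_KEY_B64 = base64.b64encode(b"\x01" * 64).decode()


def build_account_sas(account, key_b64, permissions, services, resource_types,
                      start, expiry, version="2018-11-09", protocol="https"):
    """Return the SAS query string. Assumption: account-SAS string-to-sign for
    service versions before 2020-12-06 (account, sp, ss, srt, st, se, sip, spr,
    sv, each newline-terminated); verify against the version you target."""
    string_to_sign = "\n".join([account, permissions, services, resource_types,
                                start, expiry, "", protocol, version]) + "\n"
    sig = hmac.new(base64.b64decode(key_b64),
                   string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    params = {"sv": version, "ss": services, "srt": resource_types,
              "sp": permissions, "st": start, "se": expiry, "spr": protocol,
              "sig": base64.b64encode(sig).decode()}
    return urlencode(params)


def audit_sas(sas_query, allowed="w"):
    """Check a SAS query string against a least-privilege policy.
    Returns (ok, reason); any sp letter outside `allowed` fails the check."""
    q = parse_qs(sas_query, keep_blank_values=True)
    sp = q.get("sp", [""])[0]
    if not sp:
        return False, "no sp parameter"
    extra = sorted(set(sp) - set(allowed))
    if extra:
        return False, "excess permissions: " + "".join(extra)
    if q.get("spr", ["https"])[0] != "https":
        return False, "token usable over plain HTTP"
    if "se" not in q:
        return False, "no expiry"
    return True, "ok"


if __name__ == "__main__":
    token = build_account_sas(ACCOUNT, ACCOUNT_KEY_B64, "w", "b", "o",
                              "2024-01-01T00:00:00Z", "2024-01-02T00:00:00Z")
    print(token)
    print(audit_sas(token))
    print(audit_sas("sv=2018-11-09&sp=rwl&se=2024-01-02T00%3A00%3A00Z&spr=https"))
```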