Ability to grant basic/mimimum permissions for users to copy URLs within Azure Blob Storage (Storage Browser)

Question

In Azure, via Storage Explorer when viewing objects within your blob storage there is a way for you to copy URLs of induvial files.

I'm wondering if only this access/permission could be granted to a user (nothing more).

Thank you in-advance.

Answer 1

@Spencer Young Firstly, apologies for the delay in responding here!

Firstly, let me explain How RBAC works, Please refer to this thread which provide detailed information on roles.

It depends how you have mounted the Azure Storage Explorer. If you have used Access Key (Your storage account access keys are similar to a root password for your storage account. Always be careful to protect your access keys. Use Azure Key Vault to manage and rotate your keys securely. Avoid distributing access keys to other users, hard-coding them, or saving them anywhere in plain text that is accessible to others. Rotate your keys if you believe they may have been compromised)

• If you looking specific access(Read, List) to the Blob container, generate a SAS URL Container-> Click on context menu and Generate the SAS -> There you will find options to change/set the permission to the file and Generate a SAS token-> connect using SAS URL and you will limited access to the particular blob container

You can use SAS( Shared access signature) to limit the access to the users, See here for more information or Azure Active Directory (AAD) authorizes access rights to secured resources through Azure role-based access control

Additional information: Security recommendations for Blob storage

Authorize access to data in Azure Storage: https://learn.microsoft.com/en-us/azure/storage/common/authorize-data-access

Please let us know if you have any further queries. I’m happy to assist you further.

----------

Please do not forget to and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.