Access at the container level (azure) versus blob level.

David Kim 66 Reputation points
2020-08-05T16:58:58.537+00:00

Access at the container level (azure) versus blob level.

If we want to set access at the blob level will the container level access need to reset?
Which permissions has priority,... blob level or container level?

For example if we set the permissions at the Blob level as read/write however the container level permissions are read only what is the final permissions level?,... is it read only or is it read/write for the blob?

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,857 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,573 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Sumarigo-MSFT 44,816 Reputation points Microsoft Employee
    2020-08-28T07:10:48.167+00:00

    @David Kim Since we haven't heard back from you, If the issue still persist, please feel to respond/comment back. we are happy to assist you.

    • Storage Blob Data Owner: Use to set ownership and manage POSIX access control for Azure Data Lake Storage Gen2. For more information, see Access control in Azure Data Lake Storage Gen2.
    • Storage Blob Data Contributor: Use to grant read/write/delete permissions to Blob storage resources.
    • Storage Blob Data Reader: Use to grant read-only permissions to Blob storage resources.
    • Storage Blob Delegator: Get a user delegation key to use to create a shared access signature that is signed with Azure AD credentials for a container or blob.

    You can also SAS to set different level of access and it would be more effective at different container level

    You can assign RBAC roles that are scoped to the container. Please see Grant access to Azure blob and queue data with RBAC in the Azure portal.

    You can also use Azure CLI, PowerShell, or the Storage Resource Provider API to assign RBAC roles.

    Addition information: If the issue still persist, you can refer to this Q&A thread which provides some idea on your query: https://learn.microsoft.com/en-us/answers/questions/37646/how-to-set-access-permissions-for-azure-blob-stora.html

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    --------------------------------------------------------------------------------------------------------------------

    Please don’t forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.