Share via

Using Azure Storage, is it possible to set a private blob in a public container ?

Marie-Lou P 20 Reputation points
2024-12-03T16:12:47.7833333+00:00

I have a public container with blobs for which I can get the public url
I want some blobs in this container to be private and only accessible using a SAS token.

Using the Microsoft Azure Storage Explorer, I generated a SAS token for a blob, the basic url without the SAS token still works, the url with the SAS token works till the token expires. Is it possible to remove the access using the basic url without SAS token ?

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,201 questions
0 comments
Accepted answer
  1. Vinod Kumar Reddy Chilupuri 4,185 Reputation points Microsoft External Staff Moderator
    2024-12-03T17:57:35.9833333+00:00

    Hi @Marie-Lou P
    Welcome to Microsoft Q&A, thanks for posting your query.

    No, it is not possible to set a private blob in a public container

    In Azure Blob Storage, access policies are applied at the container level, not at the individual blob level. When a container is configured as "public," all blobs in the container inherit that access policy and are publicly accessible without authentication.

    Once the blob is set to public access you cannot directly remove public access using the basic URL. To prevent access without a SAS token, you must change the access level of the container or blob to private or restricted. 

    If you want to make specific blobs private while keeping the rest of the container public, you will need to move those blobs to a separate private container. This way, the private blobs can only be accessed using a SAS token, while the public container remains accessible without restrictions for other blobs.

    https://learn.microsoft.com/en-us/azure/ai-services/translator/document-translation/how-to-guides/create-sas-tokens#create-sas-tokens-with-azure-storage-explorer
     

    Please feel free to contact if the issue persists, we will be glad to assist you closely. Please do consider clicking on "Accept Answer" and "Up-vote" on the post that helps you, as it can be beneficial to other community members.

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 50,730 Reputation points MVP Volunteer Moderator
    2024-12-03T16:27:56.27+00:00

    You'd need to change the access level of the container to private

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.