Azure storage : SAS token on containers

@Vishwesh Anil Chaudhari Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

Let me explain difference between account level SAS and Container level SAS.

The signed resource types that are accessible with the account SAS. Service (s): Access to service-level APIs; Container (c): Access to container-level APIs; Object (o): Access to object-level APIs for blobs, queue messages, table entities, and files.

Ex: When you generate shared access signature for all service it includes allowed resource types (The services accessible with the account SAS) and The services accessible with the account SAS https://su**2std.blob.core.windows.ne**t/?sv=2020-08-04&ss=bfqt&srt=sc&s**p=rwdlacupitfx&se=2022-04-08T19:43:50Z&st=2022-04-08T11:43:50Z&spr=https&sig=U

The signed services accessible with the account SAS. Possible values include: Blob (b), Queue (q), Table (t), File (f).

When generate same SAS token for the container it's only for that specified container. https://sub***d.blob.core.windows.net/office-desktop**?sp=racwdl&st=2022-04-08T11:35:10Z&se=2022-04-08T19:35:10Z&spr=https&sv=2020-08-04&sr** We have container level SAS's with read/write/list which isolates each container from other containers. This works well as each client only has access to their own container.

Here's an example of a service SAS URI, showing the resource URI and the SAS token. Because the SAS token comprises the URI query string, the resource URI must be followed first by a question mark, and then by the SAS token:

In this article, you'll learn how to generate user delegation shared access signature (SAS) tokens for Azure Blob Storage containers

Please let us know if you have any further queries. I’m happy to assist you further.

---------
Please do not forget to and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.