Share access with my Storage account

Damjan Stojanovski 41 Reputation points
2023-01-03T11:33:09.223+00:00

I want to share a storage account with a customer, however the customer should be able to have read only access so they can check if information in the storage account is correct. How can I do this?

Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.

Accepted answer
  1. Martin Dimovski 1,466 Reputation points
    2023-01-03T15:08:32.107+00:00

    Hi,

    Thank you for posting the question to the Q&A forum.

    You can share the storage account information with the customer simply by using a Shared Access Signature. You can find more here: https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview

    You can easily specify just the Read option: open the Storage account, then under Security + Networking you will see Shared Access Signature, where you can check the needed permissions, in your case Read.

    I hope the above information can help you.

    If the ANSWER is helpful, please click "Accept Answer" and upvote it. Thanks
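
An added example, not part of either answer and not Microsoft tooling: a small Python check to run on a SAS URL or token before sending it to the customer, confirming it grants only read/list, is HTTPS-only and expires soon. The sample tokens are constructed, and the 7-day lifetime limit is an assumed policy.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

READ_ONLY = set("rl")  # r = read, l = list; every other letter can change data

# Constructed samples: account name and sig values are placeholders.
GOOD = ("https://exampleaccount.blob.core.windows.net/?sv=2021-06-08&ss=b&srt=co"
        "&sp=rl&se=2023-01-10T11:33:09Z&spr=https&sig=CONSTRUCTED")
BAD = ("sv=2021-06-08&ss=bfqt&srt=sco&sp=rwdlacup"
       "&se=2024-01-03T11:33:09Z&spr=https,http&sig=CONSTRUCTED")


def audit_sas(url_or_token, now=None, max_lifetime=timedelta(days=7)):
    """Return findings for a SAS URL or bare token; an empty list means it passed.

    max_lifetime (7 days) is an assumed policy, not an Azure limit.
    """
    now = now or datetime.now(timezone.utc)
    query = urlsplit(url_or_token).query or url_or_token.lstrip("?")
    params = {k: v[0] for k, v in parse_qs(query).items()}
    findings = []

    if "sp" not in params:
        findings.append("no sp field: review the stored access policy it refers to")
    elif set(params["sp"]) - READ_ONLY:
        extra = "".join(sorted(set(params["sp"]) - READ_ONLY))
        findings.append("grants more than read/list: " + extra)

    # When spr is absent the service accepts both HTTPS and HTTP.
    if params.get("spr", "https,http") != "https":
        findings.append("plain HTTP allowed: set spr=https")

    if "se" not in params:
        findings.append("no se field: review the stored access policy it refers to")
    else:
        expiry = datetime.fromisoformat(params["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # date-only values are interpreted as UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            findings.append("already expired")
        elif expiry - now > max_lifetime:
            findings.append("valid longer than %d days" % max_lifetime.days)
    return findings


if __name__ == "__main__":
    when = datetime(2023, 1, 3, 12, 0, tzinfo=timezone.utc)
    for name, token in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_sas(token, now=when))
```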


1 additional answer

  1. Sumarigo-MSFT 30,991 Reputation points Microsoft Employee
    2023-01-03T12:26:24.433+00:00

    @Damjan Stojanovski Welcome to Microsoft Q&A. Thank you for posting your query here!

    Are you referring to a specific blob? Are you using Azure Active Directory authentication for the Azure blob container?

    Not sure I understand the question: are you referring to the Azure blob container: Assign Azure roles for access rights? If I am wrong, please correct me.

    There is an inbuilt role that can be assigned to a user.

    Azure Active Directory (Azure AD) authorizes access rights to secured resources through Azure role-based access control (Azure RBAC). Azure Storage defines a set of Azure built-in roles that encompass common sets of permissions used to access blob and queue data. You can also define custom roles for access to blob and queue data.

    When an Azure role is assigned to an Azure AD security principal, Azure grants access to those resources for that security principal. Access can be scoped to the level of the subscription, the resource group, the storage account, or an individual container or queue. An Azure AD security principal may be a user, a group, an application service principal, or a managed identity for Azure resources.

    Azure Storage supports Azure AD authentication, which can be used for authentication instead of storage account name / key, SAS tokens or SAS policy. Azure Storage Explorer can also use Azure AD to authenticate to the storage service. You can read more about it here: https://learn.microsoft.com/en-us/azure/storage/common/storage-auth-aad

    Solution 2: You can use the Shared Access Signature option to connect to Azure Blob Storage from the Storage Explorer.

    Grant limited access to Azure Storage resources using shared access signatures (SAS)

    Security recommendations for Blob storage

    Additional information: Prevent anonymous public read access to containers and blobs

    There is also a similar thread discussion in the SO forum which can give some information on your query.

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    --------------------------------------------------------------------------------------------------------------

    Please don’t forget to “up-vote” wherever the information provided helps you; this can be beneficial to other community members.