Controlling Access to Files using Virtual Directories in Azure Blob Storage

Róbert Hálfdanarson 20 Reputation points
2023-06-15T10:49:47.8533333+00:00

Insight into my project

I am currently in search of a suitable platform to migrate my application. I require a reliable service that can securely store my files, and after considering various options, I am leaning towards utilizing blob storage. My web application allows users to upload and access files as required. However, implementing file authorization presents a challenge, as some files should have restricted access while others remain accessible. For instance, there is a specific scenario where a draft file is uploaded and subsequently published once ready. To manage user authentication, I intend to use Azure AD B2C.

Question

Is it possible to manage access to blobs using virtual directories, or is it only feasible to control access to the containers? I have been unable to find a definitive answer to this question elsewhere, so I am hopeful that I can find the information I need here.

I am currently exploring the use of RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) for my application.

Example:

Consider the following file structure:

Container 1
    File 1
    Virtual Directory
        File 2

Is it possible to grant user access to File 1 while restricting their access to File 2?

Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.

1 answer

  1. deherman-MSFT 34,021 Reputation points Microsoft Employee
    2023-06-15T16:57:51.08+00:00

    @Róbert Hálfdanarson

    Azure Blob Storage allows you to control access to blobs at the container level, but not at the virtual directory level. This means that you can grant access to all blobs within a container or restrict access to the entire container, but you cannot grant access to specific blobs within a container based on their location in a virtual directory.

    You might consider using Azure Data Lake Storage Gen2. When using Azure Data Lake Storage Gen2 with the hierarchical namespace (HNS) feature enabled, you can manage access control at the directory level by using ACLs.


    If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

    If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

    Thank you for helping to improve Microsoft Q&A!
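
Added example, not part of the answer above and not Azure SDK code: a simplified Python model of how the directory-level ACLs in Data Lake Storage Gen2 would separate File 1 from File 2 in the question's layout. The user names, paths and the reduced rule set (named-user and "other" entries only; no owner, groups, mask, RBAC data roles or super-user) are assumptions made for illustration.

```python
# Simplified model of POSIX-style ACL checks in ADLS Gen2 (hierarchical namespace).
# Constructed sample data: "alice" is the author, "bob" a regular reader.
ACLS = {
    "container1":                  {"alice": "r-x", "bob": "r-x", "other": "---"},
    "container1/file1.pdf":        {"alice": "r--", "bob": "r--", "other": "---"},
    "container1/drafts":           {"alice": "r-x", "other": "---"},
    # bob has read on the file itself, but no entry on the parent directory
    "container1/drafts/file2.pdf": {"alice": "r--", "bob": "r--", "other": "---"},
}


def perms_for(user, path):
    """A matching named-user entry wins; otherwise the 'other' entry applies."""
    acl = ACLS[path]
    return acl.get(user, acl["other"])


def can_traverse(user, path):
    """Execute (x) is required on every ancestor directory of `path`."""
    parts = path.split("/")
    return all("x" in perms_for(user, "/".join(parts[:i]))
               for i in range(1, len(parts)))


def can_read(user, path):
    """Reading a file needs x on all ancestors plus r on the file itself."""
    return can_traverse(user, path) and "r" in perms_for(user, path)


def can_list(user, directory):
    """Listing a directory needs x on all ancestors plus r and x on it."""
    p = perms_for(user, directory)
    return can_traverse(user, directory) and "r" in p and "x" in p


if __name__ == "__main__":
    for user in ("alice", "bob", "mallory"):
        for path in ("container1/file1.pdf", "container1/drafts/file2.pdf"):
            print(f"{user:8} read {path:30} -> {can_read(user, path)}")
    # "Publishing" the draft: give bob traverse-only access to the directory.
    ACLS["container1/drafts"]["bob"] = "--x"
    print("after grant:", can_read("bob", "container1/drafts/file2.pdf"),
          "| can list drafts:", can_list("bob", "container1/drafts"))
```

In this model the directory entry is the gate: a read permission on File 2 alone does not help a user who lacks execute on the directory above it.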
