Remotely remove access for a Azure Storage Explore App user

Vocal Star 20 Reputation points
2023-11-02T20:39:30.5733333+00:00

We have a member of staff that we are having issues with, who works remotely and has access to our Azure Storage Explore App and we need to revoke this access.

Is this possible?

He would have the potential for deleting content. Any help would be greatly appreciated.

Kind Regards,

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,267 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,976 questions
{count} votes

Accepted answer
  1. Ramya Harinarthini_MSFT 5,356 Reputation points Microsoft Employee
    2023-11-03T06:13:58.7633333+00:00

    @Vocal Star Welcome to Microsoft Q&A, thank you for posting your here!!

    You cannot revoke access to that particular user in Azure Storage Explorer.

    However, we can revoke access of that user on the Storage accounts. if that user is accessing the Storage account through Azure AD credentials, SAS and Access keys.

    For revoking user access on a Storage account when accessing through Azure AD account

    Remove the role assignment on Storage account resource.

    1. Open Access control (IAM) at a scope Storage resource, where you want to remove access.

    User's image

    1. Click the Role assignments tab to view all the role assignments at
    2. this scope.
    3. In the list of role assignments, add a checkmark next to the security principal with the role assignment you want to remove.
    4. Click Remove.

    Remove role assignment message

    1. In the remove role assignment message that appears, click Yes.

    If you see a message that inherited role assignments cannot be removed, you are trying to remove a role assignment at a child scope(ie. at Storage account level). You should open Access control (IAM) at the scope where the role was assigned and try again. A quick way to open Access control (IAM) at the correct scope is to look at the Scope column and click the link next to (Inherited).

    Remove role assignment message for inherited role assignments

    For revoking user access on a Storage account when accessing through Storage SAS and access keys

    You can configure SAS expiration policy however, you may have to regenerate access keys of the storage account first and then configure a SAS expiration policy mentioned in the below link.

    https://learn.microsoft.com/en-us/azure/storage/common/sas-expiration-policy?tabs=azure-portal#how-to-configure-a-sas-expiration-policy

    https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview#best-practices-when-using-sas

    Hope this helps!
    Kindly let us know if the above helps or you need further assistance on this issue.


    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.