BLOB Container SAS generation: which permissions do I need for the user delegation key?

Uwe Domschke 1 Reputation point


I want to set the permissions for the user delegation key in BLOB Container -> SAS generation. I get this message:

"You do not have permissions to grant Read access. You can still create a shared access signature (SAS), but you need an RBAC role with additional permissions to grant the signature recipient the desired access."

I have the role "owner" of the storage account without condition and "User Access Administrator" without condition.

Which RBAC role do I also need?

Thanks Uwe

Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.

1 answer

  1. Siva Villa 195 Reputation points Microsoft Employee

    Uwe Domschke

    Thanks for reaching out to the Microsoft Q&A Team.

    To access blob data in the Azure portal with Microsoft Entra credentials, a user must have the following role assignments:

    · A data access role, such as Storage Blob Data Contributor or Storage Blob Data Reader

    · The Azure Resource Manager Reader role, at a minimum

    Please add your account in the "Storage Blob Data Contributor" permission, allow 15 minutes for the changes to take effect, and then generate a user delegation key.

    Please refer to the articles below for more information.

    Create a user delegation SAS - Azure Storage | Microsoft Learn

    Hope this helps. Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

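Why Owner plus User Access Administrator still produces the portal warning, shown as an added example that is not part of the original thread or any Microsoft code: a simplified model of Azure RBAC matching over constructed, abbreviated copies of the built-in role definitions. The names `ROLES`, `_granted` and `can_delegate_read` are hypothetical, and NotActions, scopes and conditions are left out.

```python
from fnmatch import fnmatchcase

BS = "Microsoft.Storage/storageAccounts/blobServices"
GET_KEY = f"{BS}/generateUserDelegationKey/action"   # control plane
BLOB_READ = f"{BS}/containers/blobs/read"            # data plane

# Constructed, abbreviated copies of built-in role definitions (assumption:
# NotActions, scopes and conditions are left out of this model).
ROLES = {
    "Owner": {"actions": ["*"], "data_actions": []},
    "User Access Administrator": {
        "actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
        "data_actions": [],
    },
    "Storage Blob Data Reader": {
        "actions": [f"{BS}/containers/read", GET_KEY],
        "data_actions": [BLOB_READ],
    },
    "Storage Blob Data Contributor": {
        "actions": [f"{BS}/containers/delete", f"{BS}/containers/read",
                    f"{BS}/containers/write", GET_KEY],
        "data_actions": [f"{BS}/containers/blobs/delete", BLOB_READ,
                         f"{BS}/containers/blobs/write",
                         f"{BS}/containers/blobs/move/action",
                         f"{BS}/containers/blobs/add/action"],
    },
}


def _granted(patterns, operation):
    # '*' in a role definition matches any run of characters; compare case-insensitively.
    return any(fnmatchcase(operation.lower(), p.lower()) for p in patterns)


def can_delegate_read(assigned_roles):
    """Return (can_get_key, can_grant_read) for the assigned role names."""
    actions = [a for r in assigned_roles for a in ROLES[r]["actions"]]
    data_actions = [d for r in assigned_roles for d in ROLES[r]["data_actions"]]
    # The key request is checked against Actions; the Read permission carried by
    # the SAS is a blob data operation and is checked only against DataActions.
    return _granted(actions, GET_KEY), _granted(data_actions, BLOB_READ)


if __name__ == "__main__":
    asker = ["Owner", "User Access Administrator"]
    print(can_delegate_read(asker))
    print(can_delegate_read(asker + ["Storage Blob Data Contributor"]))
```

The first result corresponds to the situation in the question: the key can be requested, but the SAS cannot carry Read because neither assigned role has any DataActions.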