unable to load delete retention policy properties / unable to retrive child resources

braxx 426 Reputation points

Having the issue extracting files from Data Lake / blob storage with Storage Explorer via SAS token. Here is the error I got when selecting "load more" to get a list of blobs

Here is how my connection string looks like with all the permissions granted.
SAS token

When creating a connection in Storage Explorer i was notified some parameters was missing like:

After hacking the SAS url by manually adding these parameters, Storage Explorer let me create the connection.
But when extracting I used to get "unable to load delete retention policy properties"/ "unable to retrive child resources" error.

Is there any permission needed? Do not know what I am doing wrong.

Azure Storage Explorer
Azure Storage Explorer
An Azure tool that is used to manage cloud storage resources on Windows, macOS, and Linux.
229 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,412 questions
0 comments No comments
{count} votes

Accepted answer
  1. deherman-MSFT 33,056 Reputation points Microsoft Employee

    @braxx I believe the issue is that you are creating an account SAS and attempting to use that to access a container. Since the account SAS you are creating only has SignedResourceTypes (srt) set to container you will not be able to list containers in the account. If you wish to list all the containers in the account you need to have srt=sc if you wish to also get and delete blobs you will need Object (o) permissions. This table is helpful in understanding the which signed resource type and signed permissions to specify to delegate access to those operations.

    Hope this helps! If you still have issues let me know and I will be happy to assist.


    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. braxx 426 Reputation points

    You were right. The problem was in a missing permission.
    I agree. When creating a SAS for whole storage / all the containers, access for Service must be granted in SAS otherwise the child items which i guess are container's names in this case will not be listed.
    I finally solved it by generating a new SAS with Access Policy with, read, write, create, delete and list access to a specific container, instead of granting Service access to all the containers.