![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 90%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,201 questions
Greetings!
To achieve the goal of restricting access to a specific folder in an Azure Storage container to a few specific users while allowing others with RBAC to access the rest of the container, you need to use Azure Attribute-Based Access Control (ABAC). RBAC alone cannot meet this requirement as it takes precedence and does not allow for fine-grained access control at the folder level within a container.
Here's how you can implement this solution:
- Add a specific blob tag to the container or folder that you want to limit access to.
- Set a group to have permissions to access blob containers with the specific tag.
- Assign the Storage Blob Data Reader role to the group, specifying the tag in the role definition.
Only members of this group with the specified tag in their role will have access to view the blob data in the tagged folder. This ensures that users without this specific tag cannot access the restricted folder while still being able to access other parts of the container.
For a detailed step-by-step guide, you can refer to the following resources:
- Azure Attribute-Based Access Control (ABAC)
- What is Azure attribute-based access control (Azure ABAC)? | Microsoft Learn
Check out this video for a practical demonstration:
Hope this helps. If you have any follow-up questions, please let me know. I would be happy to help.
Please do not forget to "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.