![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 25%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,427 questions
@Akhilesh Verma As I understand: You need to restrict a user to access a specific container in an Azure Storage BLOB? If I am wrong please correct.
This option is not available yet! If you wish you may leave your feedback here All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.
I would recommend, please refer to this link which provides you how RBAC and built-in roles works
However, If your customer doesn't have the azure account still he can view the document/File & more from the storage account by providing the roles and by adding their account
To allow blob public access on the storage account, you can see the guideline: https://learn.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-prevent
For other built-in Azure policies on storage including a private link, you can refer: https://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#storage
Additional information: Authorizing access to data in Azure Storage
However Shared access signatures for blobs, files, queues, and tables. Shared access signatures (SAS) provide limited delegated access to resources in a storage account. Adding constraints on the time interval for which the signature is valid or on permissions it grants provides flexibility in managing access. For more information, see Using shared access signatures (SAS).
Generate and distribute SAS tokens with read/write privileges. This will give a Url which expires at a given point in time. You can do all this through the portal, through code, or by using context menus within Azure Storage Explorer. Here is a sample of how to do it with code.
Azure Storage supports using Azure Active Directory (Azure AD) to authorize requests to Blob with Azure AD, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, group, or application service principal. The security principal is authenticated by Azure AD to return an OAuth 2.0 token. The token can then be used to authorize a request against Blob or Queue storage. Authorize access to blobs and queues using Azure Active Directory
Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.
------------------------------------------------------------------------------------------------------------------------------------
Please don’t forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.