Unable to Access Blob Storage Containers Despite Ownership

Arie Yakir 20 Reputation points Microsoft Employee
2024-10-29T07:06:39.1566667+00:00

There is a container called indexer-examples that cannot be accessed, along with other containers created previously. All storage accounts are currently inaccessible, even though role assignments indicate ownership.

What could have happened and how can this issue be resolved?


Azure Blob Storage

Accepted answer
  1. TP 98,176 Reputation points
    2024-10-29T07:15:06.24+00:00

    Hi Arie,

    You need to add a blob role assignment to your account so that you will be able to access blob storage. For example, you could add the Storage Blob Data Owner or Storage Blob Data Contributor role, etc., to your user.

    NOTE: After adding the role assignment, there is a delay before the change takes effect. Give it a minute or two and then try to access the blob container after assigning the new role to your account.

    Please click Accept Answer and upvote if the above was helpful.

    Thanks.

    -TP

    1 person found this answer helpful.

1 additional answer

  1. Hari Babu Vattepally 635 Reputation points Microsoft Vendor
    2024-10-29T08:24:44.99+00:00

    Hi @Arie Yakir

    Welcome to Microsoft Q&A Forum. Thanks for posting your query here!

    The Storage Blob Data Contributor RBAC role only lets you manage the data actions, i.e., read, write, and delete Azure Storage containers and blobs, not management actions, i.e., viewing the storage account from the Azure portal.

    To access blob data from the Azure portal using your Azure AD account, both of the following statements must be true for you:

    • You have been assigned a built-in role, i.e., Storage Blob Data Contributor, that provides access to blob data.
    • You have been assigned the Azure Resource Manager Reader role, at a minimum, scoped to the level of the storage account or higher. The Reader role grants the most restricted permissions, but another Azure Resource Manager role that grants access to storage account management resources is also acceptable.

    The Azure Resource Manager Reader role permits users to view storage account resources, but not modify them. It does not provide read permissions to data in Azure Storage, but only to account management resources. The Reader role is necessary so that users can navigate to blob containers in the Azure portal.

    There is also another way, i.e., assign the user the Reader and Data Access RBAC role at the storage account or resource group level.

    It lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.

    Hope this helps! Kindly let us know if the above helps or you need further assistance on this issue.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

    1 person found this answer helpful.
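
The split between management actions and data actions that both answers rely on can be modelled in a few lines. This is an added example, not code from either answerer or from Azure: the role table is an abbreviated, constructed subset of the built-in role definitions, and the function and key names are hypothetical.

```python
from fnmatch import fnmatchcase

# Abbreviated permission sets of Azure built-in roles (constructed subset for
# illustration; confirm the full definitions with `az role definition list`).
ROLES = {
    "Owner": {"actions": ["*"], "dataActions": []},
    "Reader": {"actions": ["*/read"], "dataActions": []},
    "Storage Blob Data Contributor": {
        "actions": ["Microsoft.Storage/storageAccounts/blobServices/containers/read"],
        "dataActions": [
            "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
            "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
            "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        ],
    },
    "Reader and Data Access": {
        "actions": [
            "Microsoft.Storage/storageAccounts/read",
            "Microsoft.Storage/storageAccounts/listKeys/action",
        ],
        "dataActions": [],
    },
}

ACCOUNT_READ = "Microsoft.Storage/storageAccounts/read"
LIST_KEYS = "Microsoft.Storage/storageAccounts/listKeys/action"
BLOB_READ = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"


def _granted(assigned_roles, kind, operation):
    """True if any assigned role has a pattern of `kind` matching `operation`."""
    return any(
        fnmatchcase(operation.lower(), pattern.lower())
        for role in assigned_roles
        for pattern in ROLES[role][kind]
    )


def blob_access(assigned_roles):
    """Summarise what a set of role assignments allows on a storage account.

    Assumption: key-based access also requires that shared key authorization
    is enabled on the account, which this model does not check.
    """
    return {
        "see_account_in_portal": _granted(assigned_roles, "actions", ACCOUNT_READ),
        "read_blobs_with_azure_ad": _granted(assigned_roles, "dataActions", BLOB_READ),
        "read_blobs_with_account_key": _granted(assigned_roles, "actions", LIST_KEYS),
    }
```

Calling `blob_access(["Owner"])` shows the situation in the question: the `*` wildcard covers every management action, but the role carries no data actions, so Azure AD reads of blob data are not granted until a Storage Blob Data role is added.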
