Hi @Pawan kumar
Welcome to Microsoft Q&A, thanks for posting your query.
To access blob data from the Azure portal using your Microsoft Entra account, both of the following statements must be true for you:
- You are assigned either a built-in or custom role that provides access to blob data.
- You are assigned the Azure Resource Manager Reader role, at a minimum, scoped to the level of the storage account or higher. The Reader role grants the most restricted permissions, but another Azure Resource Manager role that grants access to storage account management resources is also acceptable.
The Azure Resource Manager Reader role permits users to view storage account resources, but not modify them. It doesn't provide read permissions to data in Azure Storage, but only to account management resources. The Reader role is necessary so that users can navigate to blob containers in the Azure portal.
https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles
https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshooting?tabs=bicep
- Check Role Assignments: Make sure the user has the right roles assigned specifically for the storage account. Verify that these roles are applied at the right level, like the storage account itself or the resource group containing it.
- Review Access Policies: Look over any access policies that might be affecting the user’s access. For instance, check for conditional access policies that could be blocking access to the storage account.
- Inspect Custom Roles: If you’ve assigned a custom role, confirm that it includes all permissions needed for accessing the storage account. Custom roles can sometimes miss certain permissions required for specific actions.
- Ensure Anonymous Access is Disabled: Check that anonymous (public) access is turned off on the storage account. Disabling public access helps prevent unauthorized access to the data.
- Consider Identity-Based Access: Use identity-based access with a Managed Identity on the storage account for more secure and reliable access control than using account keys.
- Check for Error Messages or Logs: Look for any error messages or logs related to the user's access issue. These details can help you solve your issue.
Please let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
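Added example, not part of the original answer and not Microsoft's code: a check of the two conditions above (a blob data role, plus ARM Reader at storage account scope or higher) against a user's role assignments. It assumes records with the `roleDefinitionName` and `scope` fields as returned by `az role assignment list --all --assignee <user> -o json`; the function names, sample IDs, and resource names are constructed, and custom roles are not evaluated.

```python
# Built-in role names; custom roles would need their definitions inspected.
BLOB_DATA_ROLES = {"Storage Blob Data Reader", "Storage Blob Data Contributor",
                   "Storage Blob Data Owner"}
ARM_READ_ROLES = {"Reader", "Contributor", "Owner"}  # all can read management resources

def covers(scope, resource_id):
    """True if a role assignment at `scope` is inherited by `resource_id`."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return s == "" or r == s or r.startswith(s + "/")

def check_portal_blob_access(assignments, account_id, container_id):
    """Return the list of unmet conditions for one user's role assignments."""
    has_data = any(a["roleDefinitionName"] in BLOB_DATA_ROLES
                   and covers(a["scope"], container_id) for a in assignments)
    has_arm = any(a["roleDefinitionName"] in ARM_READ_ROLES
                  and covers(a["scope"], account_id) for a in assignments)
    missing = []
    if not has_data:
        missing.append("role granting blob data access")
    if not has_arm:
        missing.append("ARM Reader (or broader) at storage account scope or higher")
    return missing

# Constructed sample data (placeholder subscription, resource group, and names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-demo"
ACCOUNT = RG + "/providers/Microsoft.Storage/storageAccounts/stdemo"
CONTAINER = ACCOUNT + "/blobServices/default/containers/reports"

SAMPLES = {
    "data role only, at container": [
        {"roleDefinitionName": "Storage Blob Data Reader", "scope": CONTAINER}],
    "Owner on subscription, no data role": [
        {"roleDefinitionName": "Owner", "scope": SUB}],
    "Reader scoped below the account": [
        {"roleDefinitionName": "Storage Blob Data Reader", "scope": CONTAINER},
        {"roleDefinitionName": "Reader", "scope": CONTAINER}],
    "Reader on RG + data role on account": [
        {"roleDefinitionName": "Reader", "scope": RG},
        {"roleDefinitionName": "Storage Blob Data Contributor", "scope": ACCOUNT}],
}

def run_samples():
    return {name: check_portal_blob_access(a, ACCOUNT, CONTAINER)
            for name, a in SAMPLES.items()}

if __name__ == "__main__":
    for name, missing in run_samples().items():
        print(f"{name}: {'OK' if not missing else 'missing ' + '; '.join(missing)}")
```

The Owner case shows why a management-plane role alone does not satisfy the first condition: it carries no blob data permissions for Microsoft Entra authorization.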