how to set access permissions for azure blob storage container at folder (prefix) level

Alex, Alexon 71 Reputation points
2020-06-18T18:15:30.85+00:00

How do I set access permissions for entire folder (theoretically prefix) in storage container? Example; I have 2 folders (containing many subfolders/objects) in single container(let's call them folder 'A' and 'B') and 4 members in project team. All 4 members can have read/edit access for folder A but only 2 of the members are allowed to have access to folder 'B'. Is there a simple way to set these permissions for each folder? There are hundreds/thousands of files within each folder and it would be very time consuming to set permissions for each individual file. Thanks for any help.

Google Cloud Storage support this based on "conditions"
AWS S3 supports this based on "bucket policy"+ "conditions"

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,897 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,599 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
715 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Sumarigo-MSFT 45,321 Reputation points Microsoft Employee
    2020-06-22T11:05:29.127+00:00

    @AlexAlexon-4788 Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

    You may try the below mentioned options:

    1. If you use ADLS (HNS) I believe you can set an ACL on a folder. . For existing storage account blob container, you would need to copy into an HNS enabled storage account (current situation)
    2. You could produce a SAS for a blob container or for individual blobs(SAS token can be used to restrict access to either an entire blob container or an individual blob. This is because a folder in blob storage is virtual and not a real folder.).

    There is a similar discussion thread please refer to the suggestion mentioned in this MSDN thread.

    Manage anonymous read access to containers and blobs

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


  2. Sumarigo-MSFT 45,321 Reputation points Microsoft Employee
    2020-06-23T11:08:08.917+00:00

    @Alex, Alexon Just checking in to see if the above answer helped. If this answers your query, please don’t forget to "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.


  3. Kaniganti, Sushma 1 Reputation point
    2021-06-22T20:50:51.143+00:00

    I want to be able to trigger an event when the folder within my container gets deleted to autocreate it... can this be done?

    0 comments No comments