Share via

Unable to create Storage Container Access Policies

Dean Ferley 45 Reputation points
2026-02-13T22:04:21.0533333+00:00

Hi,

I'm trying to create a Stored Access policy and Immutable Blob Storage policy within several containers but I consistently get the error: "Failed to update storage container '<name>'. Error: The account being accessed does not have sufficient permissions to execute this operation."

I have the following role assignments on the container:

  • Owner
  • Storage Blob Data Contributor
  • Storage Blob Data Owner
  • User Access Administrator

How can I get these policies in place?

Thanks,

Dean

Azure Storage
Azure Storage

Globally unique resources that provide access to data management services and serve as the parent namespace for the services.

Answer accepted by question author
  1. Vallepu Venkateswarlu 5,960 Reputation points Microsoft External Staff Moderator
    2026-02-13T22:14:23.5766667+00:00

    Hi @ Dean Ferley,

    Welcome to Microsoft Q&A Platform.

    As discussed during the call, you are attempting to create an access policy for the container named $logs, which is created by default.

    For this system-generated container, customization options such as configuring access policies are not supported, as it is reserved for logging purposes.

    You can configure access policies only for containers that are manually created

    If you encounter the error “Failed to update storage container” while creating a Stored Access Policy or configuring an Immutable Blob Storage policy,

    Please note that although the assigned RBAC roles may be sufficient, the issue may not be related to permissions.

    There could be other causes. Please verify the following:

    • Check the Storage Account firewall settings.
    • If you are accessing the storage account over the public network, ensure that Public network access is enabled.
    • If access is restricted to specific IP addresses or virtual networks, select Selected virtual networks and IP addresses and make sure your public IP address is added

    User's imagePlease enable the Allow storage account key access at the configurations. User's image

    You can also check the Activity log for the error: Failed to update storage container '<name>'.

    Alternatively Could you please try creating it using Azure CLI commands. If you receive any errors, please share the error screenshot via private message.

    Note: If you have multiple subscriptions, make sure you are logged into the correct subscription.

    If the storage account has ‘Allow storage account key access’ set to Disabled and you attempt to use key-based authentication, the operation will fail.

    As stated in Prevent Shared Key authorization for an Azure Storage account

    When you disallow Shared Key authorization for a storage account, Azure Storage rejects all subsequent requests to that account that are authorized with the account access keys. Only secured requests that are authorized with Microsoft Entra ID will succeed.

    Ref: Authorize access to data in Azure Storage
    User's image

    Azure CLI: az storage container policy create

    az storage container policy list --container-name--account-key  --account-name --auth-mode {key}  --blob-endpoint --connection-string --lease-id

    Azure CLI: Configure a retention policy on a container

    az storage container immutability-policy create --resource-group <resource-group> --account-name <storage-account> --container-name <container> --period 10

    Please210246-screenshot-2021-12-10-121802.pngand “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.