Azure Table Storage - Allow Read Only Access To Single Table For External User To Consume Using PowerBi

Chris Middleton 1 Reputation point
2021-11-18T12:13:31.28+00:00

Hi,

I'm trying to give a partner of ours access to a single table within one of our Azure storage accounts with read only permissions so that they can generate reports using PowerBi. However there seems to be no way to do this. I don't want to give them an access key for obvious reasons. As for a SAS, this still gives them access to every table and is incompatable with PowerBI. The best thing I can think of is to replicate on a daily basis the table to another storage account and give them the access key to that storage account, but even that doesn't seem possible.

Does anyone have any solutions?

Thanks in advance.

Chris

Azure Table Storage
Azure Table Storage
An Azure service that stores structured NoSQL data in the cloud.
116 questions
No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Oury Ba-MSFT 9,561 Reputation points Microsoft Employee
    2021-11-22T18:18:55.007+00:00

    Hi @Chris Middleton Thank you for posting your Question on Microsoft Q&A and sorry for the delay in replying to your question.

    You can use Azure Active directory to achieve this. Authorization with Azure AD is available for all general-purpose in all public regions and national clouds. Only storage accounts created with the Azure Resource Manager deployment model support Azure AD authorization.

    Regards,
    Oury


  2. Oury Ba-MSFT 9,561 Reputation points Microsoft Employee
    2021-11-29T22:16:22.717+00:00

    Hi @Chris Middleton

    Before you assign an Azure RBAC role to a security principal, determine the scope of access that the security principal should have. Best practices dictate that it's always best to grant only the narrowest possible scope. Azure RBAC roles defined at a broader scope are inherited by the resources beneath them.
    You can scope access to Azure table resources at the following levels, beginning with the narrowest scope:
    An individual table. ** At this scope, a role assignment applies to the specified table.
    **The storage account
    . At this scope, a role assignment applies to all tables in the account.
    The resource groups. ** At this scope, a role assignment applies to all of the tables in all of the storage accounts in the resource group.
    **The subscription
    . At this scope, a role assignment applies to all of the tables in all of the storage accounts in all of the resource groups in the subscription.
    A management group. At this scope, a role assignment applies to all of the tables in all of the storage accounts in all of the resource groups in all of the subscriptions in the management group.
    For more information about scope for Azure RBAC role assignments, see Understand Scope for Azure RBAC.

    You can't do it in the portal, but you should be able to do it with PowerShell or CLI - Assign an Azure role for access to table data (preview) - Azure Storage | Microsoft Learn

    Regards,
    Oury

    No comments