Blob storage IAM

Shahin Mortazave 486 Reputation points

We have an Azure Blob storage account with some Containers and each of the containers have some folders and sub folders.
Until now some of our users access the containers in this Storage account with a 3rd party application that we could munt the storage and grant some access rights to the our users.
Now we have a different 3rd party app that can connect to the storage directly and connection is made by the shared key and storage account name, but this give the end users to much access to containers that they should not have access to.
Question is, how can we give only read access to some of the users so they can access the storage account with the same shared key? can we do this with Access Control (IAM)? does each user get a different access key or all users use the same key?


Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,264 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. deherman-MSFT 31,991 Reputation points Microsoft Employee

    @Shahin Mortazave
    You can use Shared access signature (SAS) to restrict access to read only for a particular container or blob. Users can use the same SAS token to access the containers and you can set the token to expire.

    For more information see:
    Grant limited access to Azure Storage resources using shared access signatures (SAS)


    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments No comments