
Try to support Azure cloud services

Doron Raifman 21 Reputation points
2022-03-23T06:04:09.777+00:00

Currently we have a system that supports IoT devices worldwide (> 100k sensors).
We would also like to enable Azure cloud for some customers.

I wrote a wrapper class to encapsulate Azure Storage usage with containers and blobs (similar to S3).
We need hierarchical URL(s) like storage.
This enables us to authorize access to each customer only to their storage buckets (container).
Because we have a very large number of files, we have sub-folders for each day.

It seems like I didn't find a solution to enable such usage.

Please suggest a solution to my needs.
Thanks
Doron

Azure Storage

Globally unique resources that provide access to data management services and serve as the parent namespace for the services.


Answer accepted by question author

Sumarigo-MSFT 47,511 Reputation points Microsoft Employee Moderator
2022-03-25T09:54:01.053+00:00

@Doron Raifman Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused. Can you please elaborate a bit more on your query?
Based on your scenario I would recommend RBAC to you. May I know which Azure Storage you are using (Blob, Files, Table, Queue, ADLS)?

I assume you are using Azure blob storage (Container) and trying to restrict access to the users/client? If not, please correct me.

You may refer to this article. Azure Active Directory (AAD) authorizes access rights to resources protected by Azure Role-Based Access Control (Azure RBAC). Azure Storage defines a set of built-in Azure roles that encompass common sets of permissions used to access blob data.

Authorize access to data in Azure Storage: https://learn.microsoft.com/en-us/azure/storage/common/authorize-data-access

  • Storage Blob Data Owner: Use to set ownership and manage POSIX access control for Azure Data Lake Storage Gen2. For more information, see Access control in Azure Data Lake Storage Gen2.
  • Storage Blob Data Contributor: Use to grant read/write/delete permissions to Blob storage resources.
  • Storage Blob Data Reader: Use to grant read-only permissions to Blob storage resources.
  • Storage Blob Delegator: Get a user delegation key to use to create a shared access signature that is signed with Azure AD credentials for a container or blob.
  • You can also use SAS to set different levels of access, and it would be more effective at different container level.

Additional information: If the issue still persists, you can refer to this Q&A thread, which provides some ideas on your query: https://learn.microsoft.com/en-us/answers/questions/37646/how-to-set-access-permissions-for-azure-blob-stora.html

Can you kindly explore the options mentioned here

Restrict access to a specific container in a Azure Storage BLOB to specific tenant (Azure AD)

Also the option of authorizing access to storage blobs/containers using AAD : Authorize access to blobs using Azure Active Directory

Azure Storage support for Azure Active Directory based access control generally available

Hope this helps!

Kindly let us know if the above helps or you need further assistance on this issue.


Please do not forget to [screenshot] and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.
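
As an added example (not part of the original answer and not Microsoft's code), the layout discussed above, one container per customer with an Azure RBAC role assigned at container scope and a virtual folder per day, can be sketched in Python. The subscription, resource group, account, container and principal values and all helper names are constructed placeholders.

```python
import re
import shlex
from datetime import date

# Azure container naming rule: 3-63 chars, lowercase letters, digits and
# single hyphens, starting and ending with a letter or digit.
_CONTAINER_RE = re.compile(r"^(?!.*--)[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$")

# Built-in data-plane roles named in the answer above.
ROLES = {"read": "Storage Blob Data Reader",
         "write": "Storage Blob Data Contributor"}


def container_scope(subscription, resource_group, account, container):
    """ARM resource ID of one container, usable as an RBAC scope."""
    if not _CONTAINER_RE.match(container):
        raise ValueError(f"invalid container name: {container!r}")
    return (f"/subscriptions/{subscription}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.Storage/storageAccounts/{account}"
            f"/blobServices/default/containers/{container}")


def role_assignment_cmd(principal_id, access, scope):
    """Argument list for `az role assignment create` at container scope."""
    return ["az", "role", "assignment", "create",
            "--assignee", principal_id,
            "--role", ROLES[access],   # KeyError on an unknown access level
            "--scope", scope]


def daily_blob_name(day, sensor_id, filename):
    """Blob name with a per-day virtual folder: YYYY/MM/DD/<sensor>/<file>."""
    return f"{day:%Y/%m/%d}/{sensor_id}/{filename}"


if __name__ == "__main__":
    # Constructed placeholder IDs and names, for illustration only.
    scope = container_scope("00000000-0000-0000-0000-000000000000",
                            "iot-rg", "iotdatastore", "customer-contoso")
    cmd = role_assignment_cmd("11111111-1111-1111-1111-111111111111",
                              "read", scope)
    print(shlex.join(cmd))  # review before running; nothing is executed here
    print(daily_blob_name(date(2022, 3, 23), "sensor-0042", "readings.json"))
```

Because the role is assigned at the container's scope rather than the storage account's, the customer's principal gets no data access to any other customer's container.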


1 additional answer

  1. Doron Raifman 21 Reputation points
    2022-03-25T10:01:13.053+00:00

    Thank you for the elaborate answer.
    Seems like you have solved my issue.
