question

0 Votes
DominicBschi-1849 asked DominicBschi-1849 commented

How to prevent users from deleting files from Azure Storage

We use RBAC to authorize users. Users have Contributor rights to Azure Storage accounts. Is there a way to remove DELETE permissions? Users should be able to add and update content, but not to remove anything. Note: We are using Soft Delete and Versioning to ensure against accidental delete but it would be nicer to just prevent deletions altogether.
Thanks for your help!



azure-storage-accounts

1 Answer

0 Votes
TakahitoIwasa answered SumanthMarigowda-MSFT edited

Hi, @DominicBschi-1849

I heard your scenario was like immutable storage.

If that is appropriate, you can use the WORM (Write Once, Read Many) state feature to allow only create and reference and block deletes and updates.

https://docs.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview

Even if you prevent the file from being deleted, you can update it with a dummy file, so the WORM setting is suitable for some scenarios.


Thanks for your response! I have looked at immutable storage. It meets my requirements in the sense that nothing can be deleted, and I would retain all previous versions, but it's overkill in the sense that even administrators cannot delete anything once the policy is locked. For that reason, I am currently leaning toward the combination of Soft Delete and Versioning.
But I was hoping to find a more straightforward way of preventing users from deleting files.

0 Votes 0 ·

@DominicBschi-1849 Adding more information to the above response!

Microsoft recommends locking all of your storage accounts with an Azure Resource Manager lock to prevent accidental or malicious deletion of the storage account. Azure Storage Locks:

Based on your scenario, you may go with Soft delete. Kindly let us know if you have any questions; I will be happy to assist you. Apologies for the delayed response.




1 Vote 1 ·
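
An added example, not part of the original thread: a small Python audit for the RBAC side of the question, reporting whether a role definition leaves its holder a way to delete blobs. The operation names are real Azure operations; the role dictionaries (an abridged built-in Contributor and a hypothetical custom role), their `permissions` layout, and the helper names are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Real Azure operation names; the role definitions below are constructed samples.
BLOBS = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs"
BLOB_DELETE = BLOBS + "/delete"
LIST_KEYS = "Microsoft.Storage/storageAccounts/listKeys/action"

def _matches(op, patterns):
    # Azure RBAC patterns may contain '*' wildcards and are case-insensitive.
    return any(fnmatchcase(op.lower(), p.lower()) for p in patterns)

def _granted(op, allow, deny):
    # Effective permission = allow list minus the Not* list.
    return _matches(op, allow) and not _matches(op, deny)

def delete_paths(role):
    """Return the ways a role definition lets its holder delete blobs."""
    paths = []
    for perm in role["permissions"]:
        if _granted(BLOB_DELETE, perm.get("dataActions", []),
                    perm.get("notDataActions", [])):
            paths.append("data action: blobs/delete")
        if _granted(LIST_KEYS, perm.get("actions", []),
                    perm.get("notActions", [])):
            paths.append("listKeys: account key access is not limited by data actions")
    return paths

# Constructed sample: built-in Contributor, abridged.
CONTRIBUTOR = {"roleName": "Contributor", "permissions": [{
    "actions": ["*"],
    "notActions": ["Microsoft.Authorization/*/Delete",
                   "Microsoft.Authorization/*/Write",
                   "Microsoft.Authorization/elevateAccess/Action"],
    "dataActions": [], "notDataActions": []}]}

# Hypothetical custom role: create, read and update blobs, no delete, no keys.
NO_DELETE = {"roleName": "Blob Writer No Delete (hypothetical)", "permissions": [{
    "actions": ["Microsoft.Storage/storageAccounts/blobServices/containers/read"],
    "notActions": [],
    "dataActions": [BLOBS + "/read", BLOBS + "/write", BLOBS + "/add/action"],
    "notDataActions": []}]}

if __name__ == "__main__":
    for role in (CONTRIBUTOR, NO_DELETE):
        print(role["roleName"], "->", delete_paths(role) or "no delete path found")
```

The write data action still permits overwriting an existing blob, which is why the thread pairs any such restriction with Versioning and Soft Delete.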