How to prevent users from deleting files from Azure Storage

Dominic Buschi 1 Reputation point
2022-05-05T08:08:08.953+00:00

We use RBAC to authorize users. Users have Contributor rights to Azure Storage accounts. Is there a way to remove DELETE permissions? Users should be able to add and update content, but not to remove anything. Note: We are using Soft Delete and Versioning to ensure against accidental delete but it would be nicer to just prevent deletions altogether.
Thanks for your help!

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,667 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Takahito Iwasa 4,841 Reputation points MVP
    2022-05-05T20:57:50.763+00:00

    Hi, @Dominic Buschi

    I heard your scenario was like immutable storage.

    If that is appropriate, you can use the WORM (Write Once, Read Many) state feature to allow only create and reference and block deletes and updates.

    https://learn.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview

    Even if you prevent the file from being deleted, you can update it with a dummy file, so the WORM setting is suitable for some scenarios.

    1 person found this answer helpful.