Actions and attributes for Azure role assignment conditions for Azure queues

This article describes the supported attribute dictionaries that can be used in conditions on Azure role assignments for each Azure Storage DataAction. For the list of Queue service operations that are affected by a specific permission or DataAction, see Permissions for Queue service operations.

To understand the role assignment condition format, see Azure role assignment condition format and syntax.

Important

Currently, Azure attribute-based access control (Azure ABAC) is generally available (GA) for controlling access only to Azure Blob Storage, Azure Data Lake Storage Gen2, and Azure Queues using request and resource attributes in the standard storage account performance tier. It is either not available or in PREVIEW for other storage account performance tiers, resource types, and attributes. For complete feature status information of ABAC for Azure Storage, see Status of condition features in Azure Storage.

See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Azure Queue storage actions

This section lists the supported Azure Queue storage actions you can target for conditions.

Peek messages

Property Value
Display name Peek messages
Description DataAction for peeking messages.
DataAction Microsoft.Storage/storageAccounts/queueServices/queues/messages/read
Resource attributes Account name, Queue name
Request attributes
Principal attributes support True

Put a message

Property Value
Display name Put a message
Description DataAction for putting a message.
DataAction Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action
Resource attributes Account name, Queue name
Request attributes
Principal attributes support True

Put or update a message

Property Value
Display name Put or update a message
Description DataAction for putting or updating a message.
DataAction Microsoft.Storage/storageAccounts/queueServices/queues/messages/write
Resource attributes Account name, Queue name
Request attributes
Principal attributes support True

Clear messages

Property Value
Display name Clear messages
Description DataAction for clearing messages.
DataAction Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete
Resource attributes Account name, Queue name
Request attributes
Principal attributes support True

Get or delete messages

Property Value
Display name Get or delete messages
Description DataAction for getting or deleting messages.
DataAction Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action
Resource attributes Account name, Queue name
Request attributes
Principal attributes support True

Azure Queue storage attributes

This section lists the Azure Queue storage attributes you can use in your condition expressions depending on the action you target. If you select multiple actions for a single condition, there might be fewer attributes to choose from for your condition because the attributes must be available across the selected actions.

Note

Attributes and values listed are considered case-insensitive, unless stated otherwise.

Account name

Property Value
Display name Account name
Description Name of a storage account.
Attribute Microsoft.Storage/storageAccounts:name
Attribute source Resource
Attribute type String
Examples @Resource[Microsoft.Storage/storageAccounts:name] StringEquals 'sampleaccount'

Queue name

Property Value
Display name Queue name
Description Name of a storage queue.
Attribute Microsoft.Storage/storageAccounts/queueServices/queues:name
Attribute source Resource
Attribute type String
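
The following added example (not part of the original article and not Microsoft code) shows how the DataActions and the two resource attributes listed above combine into one condition string. The function name build_condition and the queue name 'sample-queue' are constructed for illustration, and the "(!(ActionMatches{...})) OR (...)" wrapper is assumed from the condition format article referenced at the top of this page.

```python
import re

# DataActions and attributes copied from the tables on this page.
PREFIX = "Microsoft.Storage/storageAccounts/queueServices/queues/messages/"
QUEUE_DATA_ACTIONS = {PREFIX + s for s in (
    "read", "add/action", "write", "delete", "process/action")}
ATTRIBUTES = {
    "account": "Microsoft.Storage/storageAccounts:name",
    "queue": "Microsoft.Storage/storageAccounts/queueServices/queues:name",
}
# Conservative allowlist (an assumption of this example) so a literal value
# can never close the surrounding single quotes.
SAFE_VALUE = re.compile(r"[A-Za-z0-9-]+")


def build_condition(actions, **names):
    """Return a condition limiting `actions` to the named account and/or queue.

    Actions that are not listed stay unrestricted by the condition, because
    the first clause evaluates to true for them.
    """
    if not actions:
        raise ValueError("at least one DataAction is required")
    unknown = set(actions) - QUEUE_DATA_ACTIONS
    if unknown:
        raise ValueError(f"not a queue DataAction from this page: {sorted(unknown)}")
    if not names:
        raise ValueError("at least one attribute constraint is required")
    tests = []
    for key, value in names.items():
        if key not in ATTRIBUTES:
            raise ValueError(f"unsupported attribute: {key}")
        if not SAFE_VALUE.fullmatch(value):
            raise ValueError(f"unsafe literal for {key}: {value!r}")
        tests.append(f"@Resource[{ATTRIBUTES[key]}] StringEquals '{value}'")
    # Every targeted action is negated; the attribute tests apply only to them.
    targeted = " AND ".join(f"!(ActionMatches{{'{a}'}})" for a in actions)
    return f"(({targeted}) OR ({' AND '.join(tests)}))"


if __name__ == "__main__":
    # 'sampleaccount' is the value used on this page; 'sample-queue' is constructed.
    print(build_condition([PREFIX + "read", PREFIX + "process/action"],
                          account="sampleaccount", queue="sample-queue"))
```

Because both attributes are available on all five queue DataActions, any combination of these actions can share one condition without losing an attribute.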
