New-AzStorageAccountSASToken

Creates an account-level SAS token.

Syntax

Default (Default)

New-AzStorageAccountSASToken
    -Service <SharedAccessAccountServices>
    -ResourceType <SharedAccessAccountResourceTypes>
    [-Permission <String>]
    [-Protocol <SharedAccessProtocol>]
    [-IPAddressOrRange <String>]
    [-StartTime <DateTime>]
    [-ExpiryTime <DateTime>]
    [-EncryptionScope <String>]
    [-Context <IStorageContext>]
    [-DefaultProfile <IAzureContextContainer>]
    [<CommonParameters>]

Description

The New-AzStorageAccountSASToken cmdlet creates an account-level shared access signature (SAS) token for an Azure Storage account. You can use the SAS token to delegate permissions for multiple services, or to delegate permissions for services not available with an object-level SAS token. An account SAS is secured using the storage account key. To create an account SAS, a client application must possess the account key.

Examples

Example 1: Create an account-level SAS token with full permission

New-AzStorageAccountSASToken -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission "racwdlup"

This command creates an account-level SAS token with full permission.

Example 2: Create an account-level SAS token for a range of IP addresses and EncryptionScope

New-AzStorageAccountSASToken -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission "racwdlup" -Protocol HttpsOnly -IPAddressOrRange 168.1.5.60-168.1.5.70 -EncryptionScope scopename

This command creates an account-level SAS token for HTTPS-only requests from the specified range of IP addresses, with a specific EncryptionScope.

Example 3: Create an account-level SAS token valid for 24 hours

New-AzStorageAccountSASToken -Service Blob -ResourceType Service,Container,Object -Permission "rl" -ExpiryTime (Get-Date).AddDays(1)

This command creates a read-only account-level SAS token that is valid for 24 hours.
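The three examples above differ in permission set, protocol, source IP range and lifetime. The following added example, which is not part of the original documentation, checks a token string for those settings before it is handed to a client. Test-AccountSasToken and the 24-hour threshold are hypothetical; the field names sp, ss, spr, sip and se are those of the account SAS query string, and the sample tokens are constructed.

```powershell
# Added example. Test-AccountSasToken is a hypothetical helper, not an Az.Storage cmdlet.
function Test-AccountSasToken {
    param(
        [Parameter(Mandatory)][string]$Token,
        [int]$MaxLifetimeHours = 24,            # assumed policy threshold
        [datetime]$Now = [datetime]::UtcNow
    )
    # Split the token's query string into a name -> value table.
    $q = @{}
    foreach ($pair in $Token.TrimStart('?').Split('&')) {
        $name, $value = $pair.Split('=', 2)
        if ($name) { $q[$name] = [uri]::UnescapeDataString([string]$value) }
    }
    $findings = [System.Collections.Generic.List[string]]::new()

    # spr (-Protocol): when absent, the default HttpsOrHttp applies.
    if ($q['spr'] -ne 'https') { $findings.Add('spr: HTTP allowed; use -Protocol HttpsOnly') }

    # sip (-IPAddressOrRange): absent means any source address is accepted.
    if (-not $q['sip']) { $findings.Add('sip: no -IPAddressOrRange restriction') }

    # se (-ExpiryTime): compare remaining lifetime against the policy threshold.
    if (-not $q['se']) { $findings.Add('se: no expiry time found') }
    else {
        $expiry = [datetimeoffset]::Parse($q['se'], [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::AssumeUniversal).UtcDateTime
        $hours = [math]::Round(($expiry - $Now.ToUniversalTime()).TotalHours)
        if ($hours -gt $MaxLifetimeHours) { $findings.Add("se: valid for $hours h, limit is $MaxLifetimeHours h") }
    }

    # sp (-Permission): anything beyond read (r) and list (l) can change data.
    $extra = [string]$q['sp'] -replace '[rl]', ''
    if ($extra) { $findings.Add("sp: grants '$extra' beyond read/list") }

    # ss (-Service): one letter per service (b, f, q, t).
    $services = [string]$q['ss']
    if ($services.Length -gt 1) { $findings.Add("ss: spans $($services.Length) services") }

    $findings
}

# Constructed sample tokens (signatures are placeholders, not real credentials).
$now    = [datetime]::new(2024, 1, 1, 0, 0, 0, [System.DateTimeKind]::Utc)
$broad  = 'sv=2022-11-02&ss=bfqt&srt=sco&sp=racwdlup&se=2025-01-01T00%3A00%3A00Z&sig=PLACEHOLDER'
$narrow = 'sv=2022-11-02&ss=b&srt=sco&sp=rl&spr=https&sip=168.1.5.60-168.1.5.70&se=2024-01-02T00%3A00%3A00Z&sig=PLACEHOLDER'

Test-AccountSasToken -Token $broad  -Now $now
Test-AccountSasToken -Token $narrow -Now $now
```

The cmdlet's String output can be passed directly as -Token, so the check fits between token creation and distribution.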

Parameters

-Context

Specifies the Azure storage context. You can use the New-AzStorageContext cmdlet to get an AzureStorageContext object.

Parameter properties

Type:IStorageContext
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Parameter properties

Type:IAzureContextContainer
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AzureRmContext, AzureCredential

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EncryptionScope

Encryption scope to use when sending requests authorized with this SAS URI.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ExpiryTime

Specifies the time at which the shared access signature becomes invalid.

Parameter properties

Type:Nullable<T>[DateTime]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-IPAddressOrRange

Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70. The range is inclusive.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Permission

Specifies the permissions for the storage account. Permissions are valid only if they match the specified resource type. Note that this is a string, like rwd (for Read, Write and Delete). For more information about acceptable permission values, see Constructing an Account SAS: http://go.microsoft.com/fwlink/?LinkId=799514

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Protocol

Specifies the protocol permitted for a request made with the account SAS. The acceptable values for this parameter are:

  • HttpsOnly
  • HttpsOrHttp

The default value is HttpsOrHttp.

Parameter properties

Type:Nullable<T>[SharedAccessProtocol]

Default value:None
Accepted values:HttpsOnly, HttpsOrHttp
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ResourceType

Specifies the resource types that are available with the SAS token. The acceptable values for this parameter are:

  • None
  • Service
  • Container
  • Object

Parameter properties

Type:SharedAccessAccountResourceTypes
Default value:None
Accepted values:None, Service, Container, Object
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Service

Specifies the service. The acceptable values for this parameter are:

  • None
  • Blob
  • File
  • Queue
  • Table

Parameter properties

Type:SharedAccessAccountServices
Default value:None
Accepted values:None, Blob, File, Queue, Table
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-StartTime

Specifies the time, as a DateTime object, at which the SAS becomes valid. To get a DateTime object, use the Get-Date cmdlet.

Parameter properties

Type:Nullable<T>[DateTime]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

IStorageContext

Outputs

String