Redigera

Dela via


New-AzStorageAccountSASToken

Creates an account-level SAS token.

Syntax

New-AzStorageAccountSASToken
   -Service <SharedAccessAccountServices>
   -ResourceType <SharedAccessAccountResourceTypes>
   [-Permission <String>]
   [-Protocol <SharedAccessProtocol>]
   [-IPAddressOrRange <String>]
   [-StartTime <DateTime>]
   [-ExpiryTime <DateTime>]
   [-EncryptionScope <String>]
   [-Context <IStorageContext>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The New-AzStorageAccountSASToken cmdlet creates an account-level shared access signature (SAS) token for an Azure Storage account. You can use the SAS token to delegate permissions for multiple services, or to delegate permissions for services not available with an object-level SAS token. An account SAS is secured using the storage account key. To create an account SAS, a client application must possess the account key.

Examples

Example 1: Create an account-level SAS token with full permission

New-AzStorageAccountSASToken -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission "racwdlup"

This command creates an account-level SAS token with full permission.

Example 2: Create an account-level SAS token for a range of IP addresses and EncryptionScope

New-AzStorageAccountSASToken -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission "racwdlup" -Protocol HttpsOnly -IPAddressOrRange 168.1.5.60-168.1.5.70 -EncryptionScope scopename

This command creates an account-level SAS token for HTTPS-only requests from the specified range of IP addresses, with a specific EncryptionScope.

Example 3: Create an account-level SAS token valid for 24 hours

New-AzStorageAccountSASToken -Service Blob -ResourceType Service,Container,Object -Permission "rl" -ExpiryTime (Get-Date).AddDays(1)

This command creates an read-only account-level SAS token that is valid for 24 hours.

Parameters

-Context

Specifies the Azure storage context. You can use the New-AzStorageContext cmdlet to get an AzureStorageContext object.

Type:IStorageContext
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EncryptionScope

Encryption scope to use when sending requests authorized with this SAS URI.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ExpiryTime

Specifies the time at which the shared access signature becomes invalid.

Type:Nullable<T>[DateTime]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IPAddressOrRange

Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70. The range is inclusive.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Permission

Specifies the permissions for Storage account. Permissions are valid only if they match the specified resource type. It is important to note that this is a string, like rwd (for Read, Write and Delete). For more information about acceptable permission values, see Constructing an Account SAS http://go.microsoft.com/fwlink/?LinkId=799514

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Protocol

Specifies the protocol permitted for a request made with the account SAS. The acceptable values for this parameter are:

  • HttpsOnly
  • HttpsOrHttp The default value is HttpsOrHttp.
Type:Nullable<T>[SharedAccessProtocol]
Accepted values:HttpsOnly, HttpsOrHttp
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResourceType

Specifies the resource types that are available with the SAS token. The acceptable values for this parameter are:

  • None
  • Service
  • Container
  • Object
Type:SharedAccessAccountResourceTypes
Accepted values:None, Service, Container, Object
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Service

Specifies the service. The acceptable values for this parameter are:

  • None
  • Blob
  • File
  • Queue
  • Table
Type:SharedAccessAccountServices
Accepted values:None, Blob, File, Queue, Table
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-StartTime

Specifies the time, as a DateTime object, at which the SAS becomes valid. To get a DateTime object, use the Get-Date cmdlet.

Type:Nullable<T>[DateTime]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

IStorageContext

Outputs

String