I have an application deployed in Azure. The users are authenticated using Entra ID. I would like to give each user the ability to upload his files and make sure he is the only one able to access them and download them later.
My current idea is to have these files stored in Azure Blob Storage and protected via RBAC. My question is: how do I automate the creation of a dedicated folder for each user on demand and make sure that it is protected and can be accessed only by him?
According to this documentation, first, you need to manually create the folder with the username in the storage account.
By following the above documentation, add a role assignment to the particular user to access the folder using the following expression.
Ensure that the storage accounts included in this condition have a hierarchical namespace enabled or might be enabled in the future.
Portal:
Assign a role assignment with the Storage Blob Data Owner role and condition.
Condition:
This will allow access to a specific folder with specific permission for the particular user.
Structure:
Reference: Tutorial: Add a role assignment condition to restrict access to blobs using the Azure portal - Azure ABAC - Azure Storage | Microsoft Learn
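The two steps above (create the user's folder, then add a role assignment whose ABAC condition limits the user to that folder) can be scripted with the Azure CLI instead of the portal. The script below is an added example and is not part of the answer or of Microsoft's documentation. It assumes `az` is installed and logged in with rights to create directories and role assignments, that the container lives in an account with a hierarchical namespace (so the folder is a real directory), and that the subscription, resource group, account, container, user object ID and folder name are supplied as arguments. The action and attribute names in the condition follow the Azure ABAC attribute reference for blob storage; verify them against that reference for your account type before relying on them.

```shell
#!/bin/sh
# Added example (not from the original answer): provision a per-user folder in an
# HNS-enabled container and grant a role whose ABAC condition confines the user to it.
set -eu

# The answer assigns Storage Blob Data Owner; override with ROLE=... if you want less.
ROLE="${ROLE:-Storage Blob Data Owner}"

# Build the ABAC condition (condition-version 2.0 syntax) for one folder.
# Each clause reads: "either this request is not the action in question, or the blob
# path (or, for listing, the requested prefix) is inside the user's folder".
# Any data action NOT named here is left unconditional over the whole scope, so every
# action the role grants that must be folder-scoped has to appear in the condition.
build_condition() {
  folder="$1"
  # The folder name is interpolated into the condition string, so reject anything
  # outside a conservative character set (a quote would alter the condition itself).
  case "$folder" in
    ""|*[!A-Za-z0-9._-]*) echo "refusing folder name: $folder" >&2; return 1 ;;
  esac
  # The trailing "/" matters: 'alice/*' must not also match 'alice2/...'.
  cat <<EOF
(
 (
  !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'} AND NOT SubOperationMatches{'Blob.List'})
  AND !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write'})
  AND !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete'})
  AND !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action'})
 )
 OR
 (
  @Resource[Microsoft.Storage/storageAccounts/blobServices/containers/blobs:path] StringLike '${folder}/*'
 )
)
AND
(
 (
  !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'} AND SubOperationMatches{'Blob.List'})
 )
 OR
 (
  @Request[Microsoft.Storage/storageAccounts/blobServices/containers/blobs:prefix] StringStartsWith '${folder}/'
 )
)
EOF
}

# Container-scoped role assignment resource ID (assumed layout of the caller's resources).
build_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s/blobServices/default/containers/%s' \
    "$1" "$2" "$3" "$4"
}

# provision_user_folder SUBSCRIPTION RESOURCE_GROUP ACCOUNT CONTAINER USER_OBJECT_ID FOLDER
provision_user_folder() {
  subscription="$1"; rg="$2"; account="$3"; container="$4"; user_oid="$5"; folder="$6"
  scope="$(build_scope "$subscription" "$rg" "$account" "$container")"
  condition="$(build_condition "$folder")"

  # Step 1: create the folder on demand (a directory, since the account has HNS enabled).
  az storage fs directory create --account-name "$account" --file-system "$container" \
    --name "$folder" --auth-mode login --output none

  # Step 2: role assignment scoped to the container, constrained to the folder by the condition.
  # The scope alone keeps the user out of other containers; the condition keeps them out of
  # other users' folders inside this one.
  az role assignment create --role "$ROLE" \
    --assignee-object-id "$user_oid" --assignee-principal-type User \
    --scope "$scope" --condition "$condition" --condition-version "2.0" --output none
}

# Usage: ./provision.sh <subscription-id> <resource-group> <account> <container> <user-object-id> <folder>
if [ "$#" -eq 6 ]; then
  provision_user_folder "$@"
fi
```

Two points worth checking before using this in production. First, the condition only constrains the actions it names (read, list, write, delete, append); Storage Blob Data Owner also grants actions such as `blobs/move/action`, `blobs/manageOwnership/action` and `blobs/modifyPermissions/action`, which this condition leaves unconditional across the container, so either extend the condition to cover them or assign a narrower role such as Storage Blob Data Contributor if the user only needs to upload and download. Second, naming the folder after the user's Entra object ID rather than the username avoids both renames and characters that the name check above rejects.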