DEVHIDE
Login Or Sign up

Setting Managed Identity for Azure BLOBs

100 Views Asked by At

For my Azure Storage Account | BLOBs, I want to use a Managed Identity so that my web app can:

  1. Create the needed containers if they don't already exist
  2. CRUD BLOBs, with metadata set for them
  3. Create a Read access SAS for private BLOBs

Is Storage Blob Data Contributor the correct role to assign?

And what Job function roles or Privileged administrator roles should I set for a user that needs the ability to do anything?

azure-blob-storage azure-storage shared-access-signatures
Original Q&A
1

There are 1 best solutions below

2
On BEST ANSWER

Is Storage Blob Data Contributor the correct role to assign?

Yes, for the 3 tasks you mentioned this role should be sufficient. However, please note that you can only create User Delegation SAS using Storage Blob Data Contributor role. If you want to create a Service SAS or Account SAS, you would need storage account key.

Please see these links for more details for Storage Blob Data Contributor role:

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-blob-data-contributor

https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#permissions-for-blob-service-operations

Related Questions in AZURE-BLOB-STORAGE

Related Questions in AZURE-STORAGE

Related Questions in SHARED-ACCESS-SIGNATURES

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.