Before starting for How we can access the storage account using an access key or SAS and what is the difference between them I highly recommend you to take a look about this articles series for how to manage azure storage account using Azure portal, PowerShell and Cloud Shell ➡️ https://lnkd.in/edn6nyY/#AzureStorageAccount 💨✅

  • Storage account Firewall
  • Access Key
  • Shared Access Signature
  • Azure Blob Data Permissions Deep Dive (360 in 360) Video by John Savill
  • Database Cloud Tech Azure Posts Road-Map
  • Follow Up Database Cloud Tech on LinkedIn , Facebook and twitter

Storage account Firewall

by default, Firewall will accept all connection and we can restrict access by adding some IP’s also we can add Exception, and we can configure network access to a storage account to allow the traffic coming from allowed VNET to access this storage account by default, Firewall will accept all connection and we can restrict access by adding some IP’s also we can add Exception, and we can configure network access to a storage account to allow the traffic coming from allowed VNET to access this storage account.

Access Key

  1. Any storage account has an access key to be used when the application connected to the storage and Microsoft recommended using Shared Access Signature (SAS) because the APP using access key will have FULL permission on all of the storage account  
  2. Microsoft Provided two keys to be able to switch between them
  3. To do regeneration for the access key Microsoft recommended to switch your APP to access Key 2 then regenerate access Key 1 then switch your APP to access Key 1 and regenerate access Key2
  4. Generating the access key meaning any application used the old key will lose the connection to the storage account

Shared Access Signature

  1. You don’t need to share access Key
  2. With SAS we can limit the access as we need
  3. With SAS we have expiry option to set the start time and end time for this access
  4. With SAS you can allow the HTTPS or HTTP
  5. SAS depends on the access key so if you generated the access key you will need to change the SAS token or the services SAS URL for example Blob Services SAS URL.
  6. We have two types of SAS ➡️ First one Services SAS allow access to only one storage services from these 4 services (Blob, Files, Tables, Queue) Second one Account SAS allow access to all storage services
Azure Blob Data Permissions Deep Dive (360 in 360)

📊MY Azure Posts Road-Map💯

Keep Following

Published by Mustafa EL-Masry

I am Microsoft database consultant working as a Database administrator for more than +10 Years I have very good knowledge about Database Migration, Consolidation, Performance Tuning, Automation Using T-SQL, and PowerShell and so many other tasks I do it in multiple customers here in KSA and as of now, I am working in Bank Albilad managing the core banking system that is hosted in SQL Server Database 8 TB. Also, I am Microsoft certified 2008 and 2016 in SQL Server (2x MCTS, 2x MCTIP, MCSA, MCSE) and I am Microsoft Certified Trainer (MCT) also I am azure Certified (AZ-900, AZ-103) also I was awarded by Microsoft Azure Heroes 3 times as (Azure Content hero, Azure Community hero and Azure Mentor) For more information check my page https://mostafaelmasry.com/about-me/

One thought on “Microsoft Azure Storage Permission

  1. Pingback: Microsoft Azure AZ-103 Tips,Hints and Notes Part 2 – DATABASE & CLOUD TECH

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.