Before starting for How we can access the storage account using an access key or SAS and what is the difference between them I highly recommend you to take a look about this articles series for how to manage azure storage account using Azure portal, PowerShell and Cloud Shell ➡️ https://lnkd.in/edn6nyY/#AzureStorageAccount 💨✅

  • Storage account Firewall
  • Access Key
  • Shared Access Signature
  • Azure Blob Data Permissions Deep Dive (360 in 360) Video by John Savill
  • Database Cloud Tech Azure Posts Road-Map
  • Follow Up Database Cloud Tech on LinkedIn , Facebook and twitter

Storage account Firewall

by default, Firewall will accept all connection and we can restrict access by adding some IP’s also we can add Exception, and we can configure network access to a storage account to allow the traffic coming from allowed VNET to access this storage account by default, Firewall will accept all connection and we can restrict access by adding some IP’s also we can add Exception, and we can configure network access to a storage account to allow the traffic coming from allowed VNET to access this storage account.

Access Key

  1. Any storage account has an access key to be used when the application connected to the storage and Microsoft recommended using Shared Access Signature (SAS) because the APP using access key will have FULL permission on all of the storage account  
  2. Microsoft Provided two keys to be able to switch between them
  3. To do regeneration for the access key Microsoft recommended to switch your APP to access Key 2 then regenerate access Key 1 then switch your APP to access Key 1 and regenerate access Key2
  4. Generating the access key meaning any application used the old key will lose the connection to the storage account

Shared Access Signature

  1. You don’t need to share access Key
  2. With SAS we can limit the access as we need
  3. With SAS we have expiry option to set the start time and end time for this access
  4. With SAS you can allow the HTTPS or HTTP
  5. SAS depends on the access key so if you generated the access key you will need to change the SAS token or the services SAS URL for example Blob Services SAS URL.
  6. We have two types of SAS ➡️ First one Services SAS allow access to only one storage services from these 4 services (Blob, Files, Tables, Queue) Second one Account SAS allow access to all storage services
Azure Blob Data Permissions Deep Dive (360 in 360)

📊MY Azure Posts Road-Map💯

Keep Following

One thought on “Microsoft Azure Storage Permission

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.