Geek Answers Handbook

Rich ACLs with Azure Storage - AD delegation?

How to create a political system with extended ACL storage with Azure storage?

I want to have a blob container that has the following users:

  • public-read-only against some set of blobs
  • Uploader - read-write against some subset of blob names, these keys are shared on semi-reliable build machines
  • shared admin - full features for this subset of blob

Ideally, these users are accounts through Azure AD, so I can use the full directory service with them ... :)

My understanding of shared access keys is that they (1) are time limited and (2) must be created using a hand tool. My desire is that I can do something similar to AWS IAM policy on S3 ... :-)

+4
source share
2 answers

There are no such things as Azure Blob Storage today AWS IAM Policies for S3. Azure recently launched Role Based Access Control (RBAC)and is available for Azure Storage, but is limited to performing management actions only like creating storage accounts, etc. It is not yet available for performing data management actions, such as loading a blob, etc.

You can look Azure Rights Management Service (Azure RMS)and see if it is suitable for your needs. If you are looking for Azure RMS Blob, you will find one of the search result links in a PDF file that talks about protecting the blob repository with this service (the link directly downloads the PDF file and therefore I cannot include it here).

, , "Team Edition" of Cloud Portam ( ). Team Edition. , Cloud Portam - Azure Explorer , Azure Storage, Search Service DocumentDB. Team Edition Azure AD , (None, Read-Only, Read-Write Read-Write-Delete) Azure, .

+3

Gaurav , Azure Storage AD , :

, (1) (2)

1) sas/uri ( ), , , 2) PS , : https://msdn.microsoft.com/en-us/library/dn806416.aspx. sas/uris , .

+3

More articles:


All Articles