Explore shared access signatures as a means of granting minimum privileges for accessing an Azure Storage account, limiting the access to a service, to a type of access, and even by a date/time.
- [Instructor] To adhere to the principle of minimum privilege we will avoid using shared keys and rather use shared access signatures, as a way of providing the specific limited privileges a client needs for accessing the resource within the Azure storage account. In particular, shared access signatures are used for blobs, files, and other mechanisms, where we want to grant a specific permission to a client to take a very specific action. Looking in the Azure portal, select one of your storage accounts.
And below the Overview, below Access keys, is Shared access signature. Click on Shared access signature and you'll see several of the options on the right-hand side. So Shared access signature is essentially a unique token being generated for a client for a specific purpose. In particular, we can limit by service. So we can grant access to just one service be it Blob, File, Queue or Table storage. We can limit the access by the type of resource, Service, Container, Object itself, and of course Read, Write, Delete,…
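The limits described in the transcript (service, resource type, permissions, expiry) appear as query parameters on an account SAS URL, so a token can be checked for least privilege before it is handed to a client. The following is an added example, not part of the course material; the sample URLs, the account name, the signature placeholder, and the policy thresholds (`MAX_LIFETIME`, `BROAD_PERMS`) are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Account SAS query fields: ss = services (b,f,q,t), srt = resource types
# (s,c,o), sp = permissions, se = expiry, spr = allowed protocols.
MAX_LIFETIME = timedelta(hours=24)   # assumed local policy, not an Azure limit
BROAD_PERMS = set("wdlacup")         # assumed policy: anything beyond read


def audit_sas(url, now):
    """Return a list of least-privilege findings for an account SAS URL."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    if len(q.get("ss", "")) > 1:
        findings.append(f"multiple services granted: ss={q['ss']}")
    if "s" in q.get("srt", ""):
        findings.append("service-level resource type granted (srt contains s)")
    extra = sorted(set(q.get("sp", "")) & BROAD_PERMS)
    if extra:
        findings.append("permissions beyond read: " + "".join(extra))
    if "se" not in q:
        findings.append("no expiry (se) present")
    else:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:    # date-only values are treated as UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry - now > MAX_LIFETIME:
            findings.append(f"expiry more than {MAX_LIFETIME} away: se={q['se']}")
    # When spr is omitted, both HTTPS and HTTP are accepted.
    if q.get("spr", "https,http") != "https":
        findings.append("HTTP not excluded (spr is not 'https')")
    return findings


# Constructed sample tokens; the signature is a placeholder, not a real value.
BASE = "https://exampleaccount.blob.core.windows.net/?sv=2018-11-09"
BROAD = BASE + ("&ss=bfqt&srt=sco&sp=rwdlacup"
                "&se=2030-01-01T00:00:00Z&spr=https,http&sig=PLACEHOLDER")
NARROW = BASE + "&ss=b&srt=o&sp=r&se=2024-01-01T06:00:00Z&spr=https&sig=PLACEHOLDER"
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, url in (("broad", BROAD), ("narrow", NARROW)):
        print(name, audit_sas(url, NOW) or "no findings")
```
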
Azure Storage is an important part of the Microsoft Azure developer toolkit. In this course, Anton Delsink provides a high-level overview of what Azure Storage is, as well as a brief look at the options available to developers: table, file, queue, and blob-based storage. Anton starts the course with a tour of the Azure portal and an explanation of how to create both a general-purpose storage account and a Blob storage account. Next, he covers important security and deployment topics that apply across all storage options. To wrap up, he briefly goes over each storage area. For a more in-depth exploration of each storage area—files, tables, blobs, and queues—check out additional courses in the Azure Storage for Developers series.
- Creating general-purpose and Blob storage accounts
- Shared key authentication
- Using shared access signatures (SAS)
- Granting privileges with stored access policies
- Encrypting data at rest
- Deploying Azure storage accounts from the command line
- Deploying Azure storage accounts using PowerShell
- Storage types, including blobs, tables, queues, and files