Explore shared access signatures as a means of granting minimum privileges for accessing an Azure Storage account, limiting the access to a service, to a type of access, and even by a date/time.
- [Instructor] To adhere to the principle…of minimum privilege we will avoid using…shared keys and rather use shared access signatures,…as a way of providing the specific limited privileges…a client needs for accessing the resource…within the Azure storage account.…In particular, shared access signatures…are used for blobs, files, and other mechanisms,…where we want to grant a specific permission to a client…to take a very specific action.…Looking in the Azure portal,…select one of your storage accounts.…
And below the Overview, below Access keys,…is Shared access signature.…Click on Shared access signature…and you'll see several of the options…on the right-hand side.…So Shared access signature is essentially…a unique token being generated for a client…for a specific purpose.…In particular, we can limit by service.…So we can grant access to just one service…be it Blob, File, Queue or Table storage.…We can limit the access by the type of resource,…Service, Container, Object itself,…and of course Read, Write, Delete,…
Author
Anton Delsink
Released
12/18/2018Looking for study partners?
Join the AZ-203 Azure Exam study groupAzure Storage is an important part of the Microsoft Azure developer toolkit. In this course, Anton Delsink provides a high-level overview of what Azure Storage is, as well as a brief look at the options available to developers: table, file, queue, and blob-based storage. Anton starts the course with a tour of the Azure portal and an explanation of how to create both a general-purpose storage account and a Blob storage account. Next, he covers important security and deployment topics that apply across all storage options. To wrap up, he briefly goes over each storage area. For a more in-depth exploration of each storage area—files, tables, blobs, and queues—check out additional courses in the Azure Storage for Developers series.
- Creating general-purpose and Blob storage accounts
- Shared key authentication
- Using shared access signatures (SAS)
- Granting privileges with stored access policies
- Encrypting data at rest
- Deploying Azure storage accounts from the command line
- Deploying Azure storage accounts using PowerShell
- Storage types, including blobs, tables, queues, and files
Skill Level Beginner
Duration
Views
-
Introduction
-
What you should know1m 54s
-
1. Overview
-
Azure Storage overview9m 13s
-
Azure Storage Explorer2m 13s
-
-
2. Security
-
Shared key authentication2m 15s
-
Stored access policies2m 16s
-
Encryption at rest2m 25s
-
-
3. Deployment
-
Azure CLI6m 57s
-
PowerShell4m 13s
-
Local emulator2m 6s
-
-
4. Storage Types
-
Conclusion
-
Next steps1m 45s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Shared access signatures (SAS)