Shared access signatures (SAS)

- [Instructor] To adhere to the principle…of minimum privilege we will avoid using…shared keys and rather use shared access signatures,…as a way of providing the specific limited privileges…a client needs for accessing the resource…within the Azure storage account.…In particular, shared access signatures…are used for blobs, files, and other mechanisms,…where we want to grant a specific permission to a client…to take a very specific action.…Looking in the Azure portal,…select one of your storage accounts.…

And below the Overview, below Access keys,…is Shared access signature.…Click on Shared access signature…and you'll see several of the options…on the right-hand side.…So Shared access signature is essentially…a unique token being generated for a client…for a specific purpose.…In particular, we can limit by service.…So we can grant access to just one service…be it Blob, File, Queue or Table storage.…We can limit the access by the type of resource,…Service, Container, Object itself,…and of course Read, Write, Delete,…