Explore shared access signatures as a means of granting minimum privileges for accessing an Azure Storage account, limiting the access to a service, to a type of access, and even by a date/time.
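As an added example (not part of the course material), the Python sketch below audits an account SAS query string against the limits this description lists: service, resource type, permissions, and expiry date/time. The `ss`, `srt`, `sp` and `se` names are the account SAS query parameters; the sample tokens, the 24-hour lifetime limit and the `audit_account_sas` helper are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

SERVICES = {"b": "Blob", "f": "File", "q": "Queue", "t": "Table"}
MAX_LIFETIME = timedelta(hours=24)  # assumed local policy, not an Azure default

# Constructed sample tokens; the signatures are placeholders.
BROAD = "sv=2018-03-28&ss=bfqt&srt=sco&sp=rwdl&se=2019-12-31T00:00:00Z&sig=CONSTRUCTED"
NARROW = "sv=2018-03-28&ss=b&srt=o&sp=r&se=2018-12-18T13:00:00Z&sig=CONSTRUCTED"
NOW = datetime(2018, 12, 18, 12, 0, tzinfo=timezone.utc)


def audit_account_sas(token, now, needed_perms="r"):
    """Return least-privilege findings for an account SAS query string."""
    q = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    findings = []

    # ss: signed services. One token should cover one service.
    services = q.get("ss", "")
    if len(services) > 1:
        names = ", ".join(SERVICES.get(c, c) for c in services)
        findings.append("grants more than one service: " + names)

    # srt: signed resource types (s=Service, c=Container, o=Object).
    if "s" in q.get("srt", ""):
        findings.append("grants service-level operations")

    # sp: signed permissions. Flag anything beyond what the client needs.
    extra = sorted(set(q.get("sp", "")) - set(needed_perms))
    if extra:
        findings.append("permissions beyond need: " + "".join(extra))

    # se: signed expiry. Require a parseable, short-lived, unexpired value.
    try:
        expiry = datetime.strptime(q["se"], "%Y-%m-%dT%H:%M:%SZ")
        expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            findings.append("token already expired")
        elif expiry - now > MAX_LIFETIME:
            findings.append("lifetime exceeds %s" % MAX_LIFETIME)
    except (KeyError, ValueError):
        findings.append("missing or unparseable expiry")
    return findings


if __name__ == "__main__":
    for label, token in (("broad", BROAD), ("narrow", NARROW)):
        print(label, audit_account_sas(token, NOW))
```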
- [Instructor] To adhere to the principle of minimum privilege we will avoid using shared keys and rather use shared access signatures, as a way of providing the specific limited privileges a client needs for accessing the resource within the Azure storage account. In particular, shared access signatures are used for blobs, files, and other mechanisms, where we want to grant a specific permission to a client to take a very specific action. Looking in the Azure portal, select one of your storage accounts.
And below the Overview, below Access keys, is Shared access signature. Click on Shared access signature and you'll see several of the options on the right-hand side. So Shared access signature is essentially a unique token being generated for a client for a specific purpose. In particular, we can limit by service. So we can grant access to just one service be it Blob, File, Queue or Table storage. We can limit the access by the type of resource, Service, Container, Object itself, and of course Read, Write, Delete,…
Released 12/18/2018
- Creating general-purpose and Blob storage accounts
- Shared key authentication
- Using shared access signatures (SAS)
- Granting privileges with stored access policies
- Encrypting data at rest
- Deploying Azure storage accounts from the command line
- Deploying Azure storage accounts using PowerShell
- Storage types, including blobs, tables, queues, and files
Video: Shared access signatures (SAS)