In this video, look at stored access policies for granting privileges at the service level. Stored access policies can also be changed or revoked at a future date.
- [Instructor] In addition to shared keys and shared access signatures, there are also stored access policies. The keys were essentially the root account, the universal access to the storage account. SAS, or shared access signatures, were a way to do fine-grained minimum privilege. And now the third option is stored access policies. These relate to shared access signatures, but are in particular at the service level. And a key difference is that we can edit the stored access policy.
They are essentially server-side. Stored access policies are available on blob containers, on file shares, on queues, and on tables. Let's take a look. Navigate to the Azure portal. And select one of your storage accounts. Within the storage account, be reminded of access keys. Under settings, we can see the primary and secondary key. And we have shared access signatures. With shared access signatures, we set the fine-grained controls we want to grant to a client, and they are immutable: once created, you cannot change them.
However, when we go down to the table service, select tables, create a table, and when you select the table, note the ellipsis on the right and select access policy. Within the access policy, you see something a little bit different from the shared access signatures that we previously looked at.
Here we can store an access policy at the table level. Click add policy. And notice under permissions, we have the options appropriate for a table: read, add, update, and delete. Click okay. And you can see we've saved the policy. Now this policy is essentially server-side, so we can come back later and modify this policy. And so truly this policy is editable, in contrast to shared access signatures that are created one time and are not modifiable.
And so now you've seen three ways to secure your data. One is the key at the storage account level. And now there is the fine-grained control we get with shared access signatures, and here we have the third option, stored access policies, that we configure at the table level.
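The following is an added example, not part of the video or of Azure's own code: a simplified Python model of why a server-side policy can be edited or revoked after tokens are issued, while an ad hoc SAS cannot. The class, table and policy names are hypothetical, and the signing scheme is a stand-in, not Azure's actual string-to-sign.

```python
import hashlib
import hmac
from datetime import datetime, timezone

class TableService:
    """Simplified model of the service side (not Azure's real signing format)."""
    def __init__(self, key):
        self._key = key
        self.policies = {}  # (table, policy id) -> {"perms": str, "expiry": datetime}

    def _sign(self, tok):
        fields = [tok["table"], tok.get("perms", ""), tok.get("expiry", ""), tok.get("policy", "")]
        return hmac.new(self._key, "\n".join(fields).encode(), hashlib.sha256).hexdigest()

    def issue_adhoc(self, table, perms, expiry):
        # Ad hoc SAS: permissions and expiry are fixed inside the signed token.
        tok = {"table": table, "perms": perms, "expiry": expiry.isoformat()}
        return {**tok, "sig": self._sign(tok)}

    def issue_with_policy(self, table, policy_id):
        # Policy-bound SAS: the token carries only the stored policy's identifier.
        tok = {"table": table, "policy": policy_id}
        return {**tok, "sig": self._sign(tok)}

    def authorize(self, tok, op, now):
        if not hmac.compare_digest(self._sign(tok), tok["sig"]):
            return False  # tampered token or rotated account key
        if "policy" in tok:
            pol = self.policies.get((tok["table"], tok["policy"]))
            if pol is None:
                return False  # policy deleted: every token naming it is revoked
            perms, expiry = pol["perms"], pol["expiry"]
        else:
            perms, expiry = tok["perms"], datetime.fromisoformat(tok["expiry"])
        return op in perms and now < expiry

def demo():
    svc = TableService(b"constructed-demo-key")  # constructed, not a real key
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    expiry = datetime(2024, 2, 1, tzinfo=timezone.utc)
    # r/a/u/d = read, add, update, delete (the table permissions in the portal)
    svc.policies[("orders", "clients")] = {"perms": "raud", "expiry": expiry}
    adhoc = svc.issue_adhoc("orders", "raud", expiry)
    bound = svc.issue_with_policy("orders", "clients")
    before = (svc.authorize(adhoc, "d", now), svc.authorize(bound, "d", now))
    svc.policies[("orders", "clients")]["perms"] = "r"  # edit the policy later
    edited = (svc.authorize(adhoc, "d", now), svc.authorize(bound, "d", now))
    del svc.policies[("orders", "clients")]  # revoke by deleting the policy
    deleted = (svc.authorize(adhoc, "r", now), svc.authorize(bound, "r", now))
    return before, edited, deleted
```

`demo()` returns `((True, True), (True, False), (True, False))`: the ad hoc token keeps its original rights through every policy change, so the only way to cut it off before expiry is to rotate the account key.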