Look at stored access policies for granting privileges at the service level. Learn how stored access policies can also be changed or revoked at a future date.
- [Instructor] In addition to shared keys…and the Shared Access Signatures,…there is also the Stored Access Policies.…So the keys were essentially the route account,…the universal access to the storage account.…SAS, or Shared Access Signatures, were a way to do…fine-grained minimum privilege.…And now the third option is Stored Access Policies.…These relate to Shared Access Signatures but are,…in particular, at the service level.…And a key difference is that we can…edit the stored access policy.…
They are essentially server side.…Stored Access Policies are available on blob containers,…on file shares, on queues, and on tables.…Let's take a look.…Navigate to the Azure portal,…and select one of your storage accounts.…Within the storage account, be reminded of Access keys.…Under Settings, we can see the primary and secondary key.…And we have Shared access signature.…With shared access signatures, we set the…fine-grained controls we want to grant to a client.…
And they are immutable.…Once created, cannot change them.…
Released
12/10/2018- Creating a storage account
- Shared key authentication
- Using shared access signatures (SAS)
- Granting privileges with stored access policies
- Managing the visible time property
- Queue metadata
- Queue access control (SAS)
- Performance constraints of Azure Queue Storage
Share this video
Embed this video
Video: Stored access policies