Look at stored access policies for granting privileges at the service level. Learn how stored access policies can also be changed or revoked at a future date.
- [Instructor] In addition to shared keys…and the shared access signatures,…there is also the stored access policies.…So the keys were essentially the root account,…the universal access to the storage account,…SAS, or shared access signatures…were a way to do fine grained minimum privilege.…And now the third option is stored access policies.…These relate to shared access signatures…but are in particular at the service level.…And a key difference is that we can edit…the stored access policy.…
They are essentially server side.…Stored access policies are available on blob containers,…on file shares, on queues, and on tables.…Let's take a look.…Navigate to the Azure portal…and select one of your storage accounts.…Within the storage account, be reminded of access keys.…Under settings we can see the primary and secondary key,…and we have shared access signatures.…With shared access signatures,…we set the fine grain controls we want to grant to a client…and they are immutable, once created,…you can not change them.…
However, let's scroll down further,…
Looking for study partners?Join the AZ-203 Azure Exam study group
Azure Storage is an important part of the Microsoft Azure developer toolkit. In this course, Anton Delsink provides a high-level overview of what Azure Storage is, as well as a brief look at the options available to developers: table, file, queue, and blob-based storage. Anton starts the course with a tour of the Azure portal and an explanation of how to create both a general-purpose storage account and a Blob storage account. Next, he covers important security and deployment topics that apply across all storage options. To wrap up, he briefly goes over each storage area. For a more in-depth exploration of each storage area—files, tables, blobs, and queues—check out additional courses in the Azure Storage for Developers series.
- Creating general-purpose and Blob storage accounts
- Shared key authentication
- Using shared access signatures (SAS)
- Granting privileges with stored access policies
- Encrypting data at rest
- Deploying Azure storage accounts from the command line
- Deploying Azure storage accounts using PowerShell
- Storage types, including blobs, tables, queues, and files