Saqeeb

Reputation: 23

How to create a custom role in Azure, so that another user is able to only view the list of files in a blob container but not its contents (RBAC)

How to create a custom role in Azure using Access Control (IAM), so that another user is able to view the list of files in a blob container but not its contents. Also, the user should not be able to make any changes.

Upvotes: 2

Views: 355

Answers (1)

Gaurav Mantri

Reputation: 136306

> How to create a custom role in Azure using Access Control (IAM), so that another user is able to view the list of files in a blob container but not its contents. Also, the user should not be able to make any changes.

I don't think it is possible to do so with RBAC roles.

From this link, both the List Blobs and Get Blob operations require the Microsoft.Storage/storageAccounts/blobServices/containers/read permission (scoped to the blob container); thus, if a user is in a role that has this permission, then that user will be able to perform both operations.

However, you can achieve this using a Shared Access Signature (SAS). If you create a SAS on a blob container with just list permissions, using that SAS URL, a user will only be able to list blobs in a blob container and nothing else.

Upvotes: 1
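
The SAS approach from the answer above, as an added example that is not part of the original answer: `make_list_only_sas` issues a list-only container SAS with the azure-storage-blob SDK, and `audit_sas` checks a SAS URL before it is handed out. The account and container names, the 24-hour lifetime limit and the sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample URLs (placeholder account, container and signature).
BASE = "https://exampleacct.blob.core.windows.net/reports?sv=2022-11-02&sr=c"
SAMPLE_OK = BASE + "&sp=l&spr=https&se=2030-01-01T01%3A00%3A00Z&sig=PLACEHOLDER"
SAMPLE_WIDE = BASE + "&sp=rl&se=2030-03-01T00%3A00%3A00Z&sig=PLACEHOLDER"


def make_list_only_sas(account, container, account_key, hours=1):
    """Container URL whose SAS grants only List, HTTPS only, short-lived."""
    # Needs the azure-storage-blob package; imported lazily so audit_sas
    # below runs without it.
    from azure.storage.blob import ContainerSasPermissions, generate_container_sas

    token = generate_container_sas(
        account_name=account,
        container_name=container,
        account_key=account_key,
        permission=ContainerSasPermissions(list=True),
        expiry=datetime.now(timezone.utc) + timedelta(hours=hours),
        protocol="https",
    )
    return f"https://{account}.blob.core.windows.net/{container}?{token}"


def audit_sas(url, now, max_lifetime=timedelta(hours=24)):
    """Return the reasons a SAS URL is not a list-only container SAS."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    problems = []
    if q.get("sr") != "c":
        problems.append("sr: not a container-level SAS")
    if "si" in q:
        problems.append("si: permissions may come from a stored access policy")
    if q.get("sp", "") != "l":
        problems.append(f"sp: expected 'l', got '{q.get('sp', '')}'")
    if q.get("spr") != "https":
        problems.append("spr: plain HTTP is allowed")
    try:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # date-only form: treat as UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry - now > max_lifetime:
            problems.append("se: lifetime exceeds the allowed maximum")
    except (KeyError, ValueError):
        problems.append("se: missing or unparseable expiry")
    return problems
```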
