David Thielen
Reputation: 33006
Setting Managed Identity for Azure BLOBs
For my Azure Storage Account | BLOBs, I want to use a Managed Identity so that my web app can:
- Create the needed containers if they don't already exist
- CRUD BLOBs, with metadata set for them
- Create a Read access SAS for private BLOBs
Is Storage Blob Data Contributor the correct role to assign?
And what Job function roles or Privileged administrator roles should I set for a user that needs the ability to do anything?
Upvotes: 0
Views: 353
Answers (1)
Gaurav Mantri
Reputation: 136356
Is Storage Blob Data Contributor the correct role to assign?
Yes, for the 3 tasks you mentioned this role should be sufficient. However, please note that you can only create User Delegation SAS using Storage Blob Data Contributor role. If you want to create a Service SAS or Account SAS, you would need storage account key.
Please see these links for more details for Storage Blob Data Contributor role:
Upvotes: 0
Related Questions
- How to use managed identity to connect Azure blob storage account and to manage container ACL using azure SDK for Java
- Calling Azure storage account REST APIs using Azure Data Factory Managed Identity
- app service has storage contributor role in blob storage, it is throwing AuthorizationPermissionMismatch exception
- Azure Operational Backup for Azure Blobs different from soft delete?
- List blobs and containers based on assigned RBAC
- Azure roles for Blob storage for specific set of permission
- Azure create blob container using REST api and managed identity - 403 error
- Authorization for Azure Function using Managed Service Identity to fetch blob from Azure Storage container
- How to secure azure blobs