RBAC access to Azure Storage - preview roles not acting as expected

懵懂的女人 submitted on 2019-12-04 19:26:24

One thing is assigning proper RBAC roles and another is a client application making use of them. As far as I noticed, most applications able to browse through Storage Accounts still use only the keys and obviously fail when the user is not assigned a role privileged enough.

You can, however, use the new storage data access roles by means of the Azure Portal. This requires you to assign both Reader and Storage Blob Data Reader roles. The first one is required for the user to see the storage account resource in the Portal at all. The latter is required to access data without keys.

Users will be able to see the data when going through the Blob service > Blobs menu position, but not through the Storage Explorer, which still can use only keys.

You can assign Storage Blob Data Reader on the storage account level or on a particular container and this works just fine - users have access limited to a specific container.

You also need to wait some time for the roles to propagate properly. The documentation says something about 5 minutes, but from my short observation it seems it can be a bit longer.
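The two role assignments and the propagation wait described in this answer, written as Azure CLI calls. This is an added example, not part of the original post; the subscription ID, resource group, account, container and user passed to the functions are placeholders, and the retry count and delay are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Dry run by default: each az command is printed, not executed
# (quoting is lost in the printed form). Run with AZ=az to apply the changes.
AZ="${AZ:-echo az}"

# Resource ID of the storage account: scope for the management-plane Reader role.
account_scope() {   # args: subscription-id resource-group account
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s' \
    "$1" "$2" "$3"
}

# Resource ID of a single blob container: narrowest scope for the data role.
container_scope() { # args: subscription-id resource-group account container
  printf '%s/blobServices/default/containers/%s' "$(account_scope "$1" "$2" "$3")" "$4"
}

# Reader on the account makes the resource visible in the Portal;
# Storage Blob Data Reader on one container allows reads without account keys.
grant_container_read() { # args: assignee subscription-id resource-group account container
  $AZ role assignment create --assignee "$1" --role "Reader" \
    --scope "$(account_scope "$2" "$3" "$4")"
  $AZ role assignment create --assignee "$1" --role "Storage Blob Data Reader" \
    --scope "$(container_scope "$2" "$3" "$4" "$5")"
}

# List blobs with the signed-in identity (--auth-mode login), never with a key.
# Run this as the user who received the roles.
check_container_read() { # args: account container
  $AZ storage blob list --account-name "$1" --container-name "$2" \
    --auth-mode login --output table
}

# Role assignments take time to propagate, so retry the check before
# concluding that the assignment is wrong.
wait_for_read() {   # args: account container [tries] [delay-seconds]
  i=0
  while [ "$i" -lt "${3:-10}" ]; do
    check_container_read "$1" "$2" && return 0
    i=$((i + 1))
    sleep "${4:-60}"
  done
  return 1
}
```

A check that succeeds on the assigned container and is denied on a sibling container in the same account confirms the data role is scoped to that one container.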
