How can we improve Azure Storage?

Allow user-based access to Blob Containers (for support employees)

For auditing purposes and to prevent data corruption, we want to give our support employees user-centric, read-only access to Blob Containers in order to be able to investigate possible data corruptions (caused by bugs in systems).

This is not possible now because the security architecture of Blob Service does not even know the concept of users or roles.

SAS is not a secure enough mechanism because it gives access to anyone by just sharing a link + you can't track who's actually using it.

310 votes
Vojtech Vit shared this idea

Thank you for your feedback. Currently we are in public preview of Azure Active Directory authentication for storage. This feature set allows you to use Azure’s role-based access control framework to grant specific permissions to users, groups and applications down to the scope of an individual blob container or queue. You can see the public preview announcement here: https://azure.microsoft.com/en-us/blog/announcing-the-preview-of-aad-authentication-for-storage/

For any further questions, or to discuss your specific scenario, send us an email at azurestoragefeedback@microsoft.com.

10 comments
