While this feature is under review, Shared Access Signatures (http://blogs.msdn.com/b/windowsazurestorage/archive/2012/06/12/introducing-table-sas-shared-access-signature-queue-sas-and-update-to-blob-sas.aspx) can be used to specify exact permissions for a table, partition, or entity, and distribute those to calling applications. Using this can reduce the risk of accidental deletions.
Please implement this. Shared Access Signatures don't generate an audit trail. I want to be able to give developers fine grained access (read rights) on production Blob storage/Table storage through Active Directory. Right now, there is a "Storage Blob Data Reader (Preview)" role, but when I give a user this role, in Storage Explorer I get the error "Could not obtain keys for Storage Account. Please check that you have the correct permissions", so this is not usable yet.
35 votesunder review · 2 comments · API Management » Developer portal · Flag idea as inappropriate… · Admin →
315 votesunder review · 13 comments · API Management » Developer portal · Flag idea as inappropriate… · Admin →
I solved this at the backend level by matching the subscription key with the product (at the operation). I created a check so that someone who wants to access an operation that is not part of the product, he will be denied.
Rest assured we still have this request in mind and are continually reviewing it. Please keep your feedback coming!
No current plans but thanks for the suggestion