Provide access to a folder in Azure Blob container
B

3

10

I am able to restrict access to a blob container or to a particular file using a SAS token, but I'm not able to generate a SAS token at folder level in Azure Blob Storage.

Is there a way to provide access to only a particular folder in Azure Blob Storage? (We have many folders in a blob container; we need to provide read access to a single folder to a client.)

Berey answered 20/9, 2018 at 8:28 Comment(1)
Because you can have an unlimited number of containers, you could flatten your folder structure with a naming convention (i.e. container name = folder1-folder2-folder3). - Tu
A
13

Is there a way to provide access to only a particular folder in Azure Blob Storage?

As of today, no. As you mentioned, a SAS token can be used to restrict access to either an entire blob container or an individual blob. This is because a folder in blob storage is virtual and not a real folder.

Alika answered 20/9, 2018 at 9:19 Comment(4)
Just want to know if things changed in a couple of years? Can we limit a user to be able to upload/create to ONE specific container in a SA using RBAC or SAS? Or do I need to just create a separate SA which will have just that single container? - Jaban
Nope, still the same :) as the folders in blob storage are virtual. - Alika
Yeah, I get it about the folders, but I am trying to limit access to a container! - Jaban
Have things changed in 2024? Same storage account with Blob storage (cold tier) - and multiple shares with different access permissions for each of them (other than SAS token)? - Alopecia
N
0

Not sure if one can do that in Storage Gen1, but in Gen2, open Storage Explorer -> your_container -> your_folder. You will see this. [screenshot]

  1. Click on Manage Access.
  2. On the right side, a pane like this will open up. [screenshot]
  3. Add your user. It will be added after the Mask.
  4. Select the user, tick the access and pick one or more of Read, Write and Execute.
Nashom answered 26/3, 2021 at 5:37 Comment(0)
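
An added sketch (not part of the answer above, and not Azure code) that models how Data Lake Storage Gen2 evaluates the ACL entries set in those steps: the client needs Execute on every parent directory, including the container root, and a named-user entry is limited by the mask. The object IDs, paths and the `Acl`, `can` and `sample_tree` helpers are constructed for illustration; group entries and RBAC role assignments are left out.

```python
from dataclasses import dataclass, field

@dataclass
class Acl:
    owner: str                                        # owning user
    owner_perms: str = "rwx"
    named_users: dict = field(default_factory=dict)   # user -> "r-x" style entry
    mask: str = "rwx"                                 # caps named-user entries
    other: str = "---"

def effective(acl, user):
    """Permissions one item's ACL gives `user` (owner, named user, else other)."""
    if user == acl.owner:
        perms = set(acl.owner_perms)                  # owning user is not masked
    elif user in acl.named_users:
        perms = set(acl.named_users[user]) & set(acl.mask)
    else:
        perms = set(acl.other)
    return perms - {"-"}

def can(tree, user, path, needed):
    """True if `user` holds `needed` on `path` and Execute on every ancestor."""
    parts = path.strip("/").split("/")
    ancestors = ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]
    if any("x" not in effective(tree[a], user) for a in ancestors):
        return False                                  # cannot traverse to the item
    return set(needed) <= effective(tree["/" + "/".join(parts)], user)

CLIENT, ADMIN = "client-object-id", "admin-object-id"  # constructed placeholders

def sample_tree(root_entry="--x", folder_mask="rwx"):
    """Constructed container: the client is granted /reports only."""
    return {
        "/": Acl(ADMIN, named_users={CLIENT: root_entry}),
        "/reports": Acl(ADMIN, named_users={CLIENT: "r-x"}, mask=folder_mask),
        "/reports/q1.csv": Acl(ADMIN, named_users={CLIENT: "r--"}),
        "/finance": Acl(ADMIN),
        "/finance/payroll.csv": Acl(ADMIN),
    }

if __name__ == "__main__":
    tree = sample_tree()
    for path, needed in [("/reports", "rx"), ("/reports/q1.csv", "r"),
                         ("/finance", "rx"), ("/finance/payroll.csv", "r"), ("/", "rx")]:
        print(f"{path:22} {needed:3} {can(tree, CLIENT, path, needed)}")
    # Without Execute on the container root the folder entry alone is not enough.
    print(can(sample_tree(root_entry="---"), CLIENT, "/reports/q1.csv", "r"))
```

In a real account an RBAC data role on the container or storage account grants access before ACLs are consulted, so folder-level ACLs only restrict identities that hold no such role.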
R
0

This is possible.

  1. Assign Storage Blob Data Reader role at the storage account level but also add a condition action for 'List blobs' only - untick 'Read a blob'.
  2. Navigate down to the target folder and add Storage Blob Data Reader role again but without any conditions.
Remission answered 17/5 at 6:0 Comment(0)