Limit Access to Azure Storage Account Using SAS URI

30 minutes
  • 3 Learning Objectives

About this Hands-on Lab

Your company has hired a contractor, and they need access to a storage account in order to perform their duties. They will need access to the storage account for 30 days, in which they should only be able to read and list the data. It’s important that they don’t have the ability to add, create, or delete data in the storage account.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create a Storage Container
  • Log in to the Azure Portal with the credentials provided.
  • Create a new storage container in the pre-provisioned storage account.
Copy Data into the Storage Container
Generate a SAS URI for the Storage Account
  • Generate a SAS URI which will only have read and list access to the data inside the storage container.
  • The contractor should only have access to the storage container; no other access should be granted.
  • Test the SAS URI with storage explorer to verify restricted access.

Additional Resources

Note: In the lab, the solution grants access to all blob containers in the storage account.

You've determined that a SAS token will provide the granular access required. Complete the following tasks:

  • Create a storage container
  • Move the data that the contractor needs to access into the storage container
  • Generate a SAS URI

We will then save the SAS URI and provide it to the contractor so they can use it to gain access to the data via storage explorer.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?