Forum Discussion
Storage Account, grant SAS tokens but not Entra ID
Hi there, I was playing with Entra and storage account, and I do have permissions in my subscription to generate SAS tokens for sharing access. But when I'm trying to grant Entra ID accesses. that s...
Try fix by below steps:
- Check Role Assignments: Ensure that the user or service principal has been assigned the necessary roles. Common roles for accessing storage accounts include:
- Storage Blob Data Contributor: Allows read, write, and delete access to blob containers and data.
- Storage Blob Data Reader: Allows read access to blob containers and data.
- Assign Roles:
- Go to your storage account in the Azure portal.
- Navigate to Access control (IAM).
- Click on Add role assignment.
- Select the appropriate role (e.g., Storage Blob Data Contributor).
- Assign the role to the user, group, or service principal.
- Verify Permissions: Make sure that the permissions are correctly assigned and that there are no conflicting policies or restrictions.
- Use Managed Identities: For better security and ease of use, consider using managed identities to access your storage account. Managed identities can be used to authenticate and authorize access without needing to manage credentials.