Sunday, January 26, 2020
Data Platform Tips 60 - Shared Access Signatures (SAS) in Azure Storage
Azure Storage supports three types of Shared Access Signatures.
User Delegation SAS - It is secured by Azure Active Directory credentials along with the permissions specified on the SAS. This is applicable to Blob storage only.
Service SAS - It is secured with Storage Account Key and delegates access to resources on one of the storage services - Blob, Queue, Table and Azure Files.
Account SAS - It is also secured with Storage Account Key and delegates access to resources one or more of the storage services - Blob, Queue, Table and Azure Files.
A SAS can take 2 forms one is
Ad-hoc SAS - When you create an ad hoc SAS, the start time, expiry time, and permissions for the SAS are all specified in the SAS URI.
SAS with a Storage access policy - This can be created on Blob, Queue, Table or File Share and can be used to manage constraints over one or more service Shared Access Signatures.
You can create SAS either via Azure Portal, Azure CLI or even through Azure Storage Explorer.