How can I create a SAS token that allows adding, modifying and deleting files on a specific container BUT prevents downloading files?

Pasquale Gagliano 1 Reputation point
2021-09-14T16:21:03.407+00:00

I tried with AWDL permissions, which indeed allowed users to add files and prevented them from downloading, BUT it did not allow deleting files that may have been potentially and accidentally saved. Why did the Delete permission not work and fail with an 'Insufficient Privileges' message?

Azure Storage Explorer

1 answer

  1. deherman-MSFT 33,456 Reputation points Microsoft Employee
    2021-09-14T23:09:59.813+00:00

    @Pasquale Gagliano
    I have tested and found the same from my side. I believe this is a bug with AzCopy and have opened an issue with the service team. You can track the issue here.

    I found that the equivalent CLI commands work with the same token. As a workaround you can use this command:

    az storage blob delete -c containername -n blobname --account-name name --sas-token "?sv=2020-04-08&st=2021-09-14T22%3A35%3A28Z&se=2021-09-15T22%3A35%3A28Z&sr=c&sp=wdl&sig=REDACTED"  
    

    Hope this helps. I will track the GitHub issue and provide any updates when they become available.

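Before handing out a token like the one in the answer, its query fields can be checked offline to confirm that it grants write, delete and list but not read. The following is an added example, not code from the original thread or from Microsoft; the function name `audit_sas`, the 24-hour lifetime limit and the HTTPS-only check are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

# Letters of the sp field covered by this check (subset of the service SAS set).
SP_NAMES = {"r": "read", "a": "add", "c": "create", "w": "write",
            "d": "delete", "l": "list"}
TS = "%Y-%m-%dT%H:%M:%SZ"  # timestamp form used by the token on this page

def _utc(value):
    return datetime.strptime(value, TS).replace(tzinfo=timezone.utc)

def audit_sas(token, required="wdl", forbidden="r", now=None,
              max_lifetime=timedelta(hours=24)):
    """Return a list of findings for a service SAS query string."""
    q = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    sp, findings = q.get("sp", ""), []
    for p in required:
        if p not in sp:
            findings.append(f"missing permission: {SP_NAMES.get(p, p)}")
    for p in forbidden:
        if p in sp:
            findings.append(f"forbidden permission granted: {SP_NAMES.get(p, p)}")
    if q.get("sr") != "c":
        findings.append(f"not container-scoped: sr={q.get('sr')}")
    # When spr is omitted, the service accepts both HTTPS and HTTP.
    if q.get("spr", "https,http") != "https":
        findings.append("HTTP allowed: spr is not 'https'")
    try:
        expiry = _utc(q["se"])
        start = _utc(q["st"]) if "st" in q else None
    except (KeyError, ValueError):
        return findings + ["se/st missing or not in the expected format"]
    now = now or datetime.now(timezone.utc)
    if expiry <= now:
        findings.append("token expired")
    if start and expiry - start > max_lifetime:
        findings.append("lifetime exceeds policy")
    return findings

# Token from the answer above (signature already redacted on the page).
PAGE_TOKEN = ("?sv=2020-04-08&st=2021-09-14T22%3A35%3A28Z"
              "&se=2021-09-15T22%3A35%3A28Z&sr=c&sp=wdl&sig=REDACTED")
# Constructed variant that also grants read, for comparison.
READ_TOKEN = PAGE_TOKEN.replace("sp=wdl", "sp=rwdl")

if __name__ == "__main__":
    at = datetime(2021, 9, 15, tzinfo=timezone.utc)  # inside the validity window
    print(audit_sas(PAGE_TOKEN, now=at))
    print(audit_sas(READ_TOKEN, now=at))
```

The check only reads the token's fields; it does not validate the signature, which only the storage service can do.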