question

braxx avatar image
0 Votes"
braxx asked SumanthMarigowda-MSFT commented

unable to load delete retention policy properties / unable to retrive child resources

Having the issue extracting files from Data Lake / blob storage with Storage Explorer via SAS token. Here is the error I got when selecting "load more" to get a list of blobs
43549-capture123.png


Here is how my connection string looks like with all the permissions granted.
Blob
https://xxxx.blob.core.windows.net
SAS token
?sv=2019-12-12&ss=bf&srt=c&sp=rlc&se=2021-06-29T22:37:40Z&st=2020-09-24T14:37:40Z&spr=https&sig=YYYY


When creating a connection in Storage Explorer i was notified some parameters was missing like:
43639-capture333.png
43741-capture44.png
43702-capture55.png

After hacking the SAS url by manually adding these parameters, Storage Explorer let me create the connection.
But when extracting I used to get "unable to load delete retention policy properties"/ "unable to retrive child resources" error.

Is there any permission needed? Do not know what I am doing wrong.


azure-blob-storageazure-storage-explorer
capture123.png (196.8 KiB)
capture333.png (18.8 KiB)
capture44.png (72.6 KiB)
capture55.png (20.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

deherman-MSFT avatar image
0 Votes"
deherman-MSFT answered

@braxx I believe the issue is that you are creating an account SAS and attempting to use that to access a container. Since the account SAS you are creating only has SignedResourceTypes (srt) set to container you will not be able to list containers in the account. If you wish to list all the containers in the account you need to have srt=sc if you wish to also get and delete blobs you will need Object (o) permissions. This table is helpful in understanding the which signed resource type and signed permissions to specify to delegate access to those operations.

Hope this helps! If you still have issues let me know and I will be happy to assist.



Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

braxx avatar image
0 Votes"
braxx answered SumanthMarigowda-MSFT commented

You were right. The problem was in a missing permission.
I agree. When creating a SAS for whole storage / all the containers, access for Service must be granted in SAS otherwise the child items which i guess are container's names in this case will not be listed.
I finally solved it by generating a new SAS with Access Policy with, read, write, create, delete and list access to a specific container, instead of granting Service access to all the containers.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@braxx Glad you found the information helpful! Thanks for the update and your positive comment.

0 Votes 0 ·