Hi Team,
We would like to extend the Privilege identity service to Storage accounts with just-in-time access for file storage and disk management. Please suggest.
Geeaz
@Geeaz Welcome to the Microsoft Q&A platform. Thank you for posting here!
The principle of least privilege when assigning permissions to an Azure AD security principal via Azure RBAC: When assigning a role to a user, group, or application, grant that security principal only those permissions that are necessary for them to perform their tasks. Limiting access to resources helps prevent both unintentional and malicious misuse of your data.
The principle of least privilege when assigning permissions to a SAS: When creating a SAS, specify only those permissions that are required by the client to perform its function. Limiting access to resources helps prevent both unintentional and malicious misuse of your data.
Each time you access data in your storage account, your client makes a request over HTTP/HTTPS to Azure Storage. Every request to a secure resource must be authorized, so that the service ensures that the client has the permissions required to access the data.
Authorizing access to data in Azure Storage
Azure security baseline for Azure Storage
Refer here for how to assign a role and how it works.
Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.
Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
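The SAS guidance in the answer above can be checked mechanically before a token is handed to a client. The following is an added example, not part of the original answer or Microsoft's code: it parses a SAS URL's standard query parameters (`sp`, `se`, `spr`, `srt`) and reports where the token grants more than the client needs. The 8-hour lifetime limit, the account name and the sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

MAX_LIFETIME = timedelta(hours=8)  # assumed policy limit, not an Azure default

def audit_sas(url, needed_perms, now=None):
    """Return least-privilege findings for one SAS URL (empty list = clean)."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    # sp: granted permission letters (r=read, w=write, d=delete, l=list, ...)
    extra = set(q.get("sp", "")) - set(needed_perms)
    if extra:
        findings.append("excess-permissions:" + "".join(sorted(extra)))
    # se: expiry time; absent when a stored access policy (si) supplies it
    if "se" not in q:
        findings.append("no-expiry-in-token")
    else:
        expiry = datetime.strptime(q["se"], "%Y-%m-%dT%H:%M:%SZ")
        if expiry.replace(tzinfo=timezone.utc) - now > MAX_LIFETIME:
            findings.append("lifetime-too-long")
    # spr: allowed protocols; when omitted the service accepts https and http
    if "http" in q.get("spr", "https,http").split(","):
        findings.append("http-allowed")
    # srt/ss mark an account SAS, which spans services rather than one resource
    if "srt" in q:
        findings.append("account-level-scope")
    return findings

# Constructed sample tokens (fake account name and signature).
SAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
BASE = "https://exampleacct.blob.core.windows.net/reports/q1.csv?sv=2022-11-02"
BROAD = (BASE + "&ss=bfqt&srt=sco&sp=rwdlacup&spr=https,http"
         "&se=2025-01-01T00%3A00%3A00Z&sig=CONSTRUCTED")
NARROW = (BASE + "&sr=b&sp=r&spr=https"
          "&se=2024-01-01T01%3A00%3A00Z&sig=CONSTRUCTED")

if __name__ == "__main__":
    for name, url in (("BROAD", BROAD), ("NARROW", NARROW)):
        print(name, audit_sas(url, needed_perms="r", now=SAMPLE_NOW))
```

The expiry parser handles only the full `YYYY-MM-DDThh:mm:ssZ` form; tokens using a shorter date form would need an extra format.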