question

PasqualeGagliano-6021 avatar image
0 Votes"
PasqualeGagliano-6021 asked deherman-MSFT edited

How can I create a SAS token that would allow to add, modify and delete files on a specific container BUT would prevent to download files?

I tried with AWDL permissions that indeed allowed user to add files and prevented them to download BUT it did not allow to delete files that may have been potentially and accidentally saved. Why Delete permission did not work and failed with Insufficient Privileges' message?

azure-storage-explorer
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

deherman-MSFT avatar image
0 Votes"
deherman-MSFT answered deherman-MSFT edited

@PasqualeGagliano-6021
I have tested and found the same from my side. I believe this is a bug with AzCopy and have opened an issue with the service team. You can track the issue here.

I found that the equivalent CLI commands with the same token. As a workaround you can use this command:

 az storage blob delete -c containername -n blobname --account-name name --sas-token "?sv=2020-04-08&st=2021-09-14T22%3A35%3A28Z&se=2021-09-15T22%3A35%3A28Z&sr=c&sp=wdl&sig=REDACTED"

Hope this helps. I will track the GitHub issue and provide any updates when they become available.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.