question

VishweshAnilChaudhari-2215 avatar image
0 Votes"
VishweshAnilChaudhari-2215 asked SumanthMarigowda-MSFT edited

Azure storage : SAS token on containers

We are using the blob storage SAS token on the container level.


According to account SAS documentation https://docs.microsoft.com/en-us/rest/api/storageservices/create-account-sas.

which specifies that "ss" query parameter is required in the SAS token.
But that's not the case with container-level SAS tokens.

Is there any documentation for container-level SAS tokens?
Thanks

azure-blob-storage
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SumanthMarigowda-MSFT avatar image
1 Vote"
SumanthMarigowda-MSFT answered SumanthMarigowda-MSFT edited

@VishweshAnilChaudhari-2215 Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

Let me explain difference between account level SAS and Container level SAS.

The signed resource types that are accessible with the account SAS. Service (s): Access to service-level APIs; Container (c): Access to container-level APIs; Object (o): Access to object-level APIs for blobs, queue messages, table entities, and files.

Ex: When you generate shared access signature for all service it includes allowed resource types (The services accessible with the account SAS) and The services accessible with the account SAS https://su**2std.blob.core.windows.ne**t/?sv=2020-08-04&ss=bfqt&srt=sc&s**p=rwdlacupitfx&se=2022-04-08T19:43:50Z&st=2022-04-08T11:43:50Z&spr=https&sig=U

The signed services accessible with the account SAS. Possible values include: Blob (b), Queue (q), Table (t), File (f).

When generate same SAS token for the container it's only for that specified container. https://sub***d.blob.core.windows.net/office-desktop**?sp=racwdl&st=2022-04-08T11:35:10Z&se=2022-04-08T19:35:10Z&spr=https&sv=2020-08-04&sr** We have container level SAS's with read/write/list which isolates each container from other containers. This works well as each client only has access to their own container.

Here's an example of a service SAS URI, showing the resource URI and the SAS token. Because the SAS token comprises the URI query string, the resource URI must be followed first by a question mark, and then by the SAS token:

191371-image.png

In this article, you'll learn how to generate user delegation shared access signature (SAS) tokens for Azure Blob Storage containers

Please let us know if you have any further queries. I’m happy to assist you further.


Please do not forget to 191316-screenshot-2021-12-10-121802.pngand “up-vote” wherever the information provided helps you, this can be beneficial to other community members.



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CristianCarrion-7511 avatar image
0 Votes"
CristianCarrion-7511 answered VishweshAnilChaudhari-2215 commented

Do you have some problem, error code or is a question only.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Cristian,

Just wanted to check if "ss" is required on container level SAS token or not?

Thanks for the quick reply.

0 Votes 0 ·