So we are delivering a solution to our customer, there is a private form that each user should fill, and one of the fields is a document the user should upload as an image.
What we did so far, we have a storageaccount and app registration with permissions to write and read to the storage account.
So the user performs a POST request to our API,
the api then uploads the stream to a specific container using blobService.
But the problem now is that we have to make sure the file can be accessed only by the form reviewers and the user itself, so how can we accomplish this requirement, which, every user has its own private files which only the reviewers( a group) and him can access it afterwards., it all has to be dynamically in runtime code, the dynamic accesss grant of each photo is user who made the POST request.