New-​Azure​Storage​Account​SA​SToken

Creates an account-level SAS token.

Syntax

New-AzureStorageAccountSASToken
   [-Context <IStorageContext>]
   [-ExpiryTime <DateTime>]
   [-IPAddressOrRange <String>]
   [-Permission <String>]
   [-Protocol <SharedAccessProtocol>]
   -ResourceType <SharedAccessAccountResourceTypes>
   -Service <SharedAccessAccountServices>
   [-StartTime <DateTime>]
   [<CommonParameters>]

Description

The New-AzureStorageSASToken cmdlet creates an account-level shared access signature (SAS) token for an Azure Storage account.

You can use the SAS token to delegate permissions for multiple services, or to delegate permissions for services not available with an object-level SAS token.

Examples

Example 1: Create an account-level SAS token with full permission

PS C:\> New-AzureStorageAccountSASToken -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission "racwdlup"

This command creates an account-level SAS token with full permission.

Example 2: Create an account-level SAS token for a range of IP addresses

PS C:\> New-AzureStorageAccountSASToken -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission "racwdlup" -Protocol HttpsOnly -IPAddressOrRange 168.1.5.60-168.1.5.70

This command creates an account-level SAS token for HTTPS-only requests from the specified range of IP addresses.

Required Parameters

-ResourceType

Specifies the resource types that are available with the SAS token. The acceptable values for this parameter are:

  • None
  • Service
  • Container
  • Object
Type:SharedAccessAccountResourceTypes
Parameter Sets:None, Service, Container, Object
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Service

Specifies the service. The acceptable values for this parameter are:

  • None
  • Blob
  • File
  • Queue
  • Table
Type:SharedAccessAccountServices
Parameter Sets:None, Blob, File, Queue, Table
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Optional Parameters

-Context

Specifies the Azure storage context. You can use the New-AzureStorageContext cmdlet to get an AzureStorageContext object.

Type:IStorageContext
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName, ByValue)
Accept wildcard characters:False
-ExpiryTime

Specifies the time at which the shared access signature becomes invalid.

Type:DateTime
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IPAddressOrRange

Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70. The range is inclusive.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Permission

Specifies the permissions for Storage account. Permissions are valid only if they match the specified resource type. For more information about acceptable permission values, see Constructing an Account SAShttp://go.microsoft.com/fwlink/?LinkId=799514

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Protocol

Specifies the protocol permitted for a request made with the account SAS. The acceptable values for this parameter are:

  • HttpsOnly
  • HttpsOrHttp

The default value is HttpsOrHttp.

Type:SharedAccessProtocol
Parameter Sets:HttpsOnly, HttpsOrHttp
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-StartTime

Specifies the time, as a DateTime object, at which the SAS becomes valid. To get a DateTime object, use the Get-Date cmdlet.

Type:DateTime
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False