Technically it is possible to do so however it is not a recommended approach. Reason being, there can only be 5 access policies on a blob container at any point of time and the process to change access policies would require a round trip to storage (i.e. a network call). Assuming there are 100s of users on your website and all of them accessing the same resource. By changing access policy on the fly would result in errors for some of the users plus because it involves a network call, the overall experience may be degraded.
One thing you could do is keep the SAS expiry time short so that the SAS URL is valid for a short amount of time so that there are less chances of it being misused.
To change the access policy, you would 1st need to fetch the existing access policies on a container. Then you could either update the access policy identifier or remove that access policy + create a new access policy and then save the access policies.