1
votes

I have two Azure Blob Storage containers, Container-A and Container-B. I would like to grant read-only access to Container-A to another Azure user. The second container, Container-B, should not be visible to the Azure user. The Azure user will be accessing the blobs in Container-A from his Azure Virtual Machine. How do I achieve this? From reading on the web, it seems that I would need to generate a Shared Access Signature, but I am not sure how.

1 Answer

2
votes

Exactly, that is the scenario where you want to use SAS. First, please read the Azure Storage security guidance to make sure that you are aware of all of the available options. Here is the very helpful guidance on the SAS model.

Second, you need to generate the SAS with policies (please refer to the guidance above). It can be done programmatically (sources are available in the guidance), and then you may give that SAS link to the user any way you want: it can be an online page where the user can grab the string, or you can write a simple tool to generate the SAS. Be aware, however, that they have a "life" and you need to renew them periodically.
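An added example, not part of the original answer: a check to run on a SAS link before handing it to the user, confirming that it is a container-level SAS for Container-A with read/list permissions only, HTTPS only, and a bounded lifetime. The account name, container name, signature placeholder, dates and the 7-day limit are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

ALLOWED_PERMS = set("rl")  # read and list only
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed "current time"
BASE = "https://exampleaccount.blob.core.windows.net/container-a"  # constructed
GOOD = BASE + "?sv=2020-10-02&sr=c&sp=rl&spr=https&se=2024-01-03T00%3A00%3A00Z&sig=PLACEHOLDER"
BAD = BASE + "?sv=2020-10-02&ss=b&srt=sco&sp=rwdl&se=2025-01-01T00%3A00%3A00Z&sig=PLACEHOLDER"


def audit_sas(url, container, now, max_lifetime=timedelta(days=7)):
    """Return a list of findings; an empty list means the link matches the intent."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    # An account SAS (ss/srt present) reaches every container in the account,
    # so Container-B would be exposed as well.
    if "ss" in q or "srt" in q:
        findings.append("account SAS: not limited to one container")
    elif q.get("sr") != "c":
        findings.append("sr is not 'c': not a container-level service SAS")
    if parts.path.strip("/").split("/")[0] != container:
        findings.append("URL does not point at the expected container")
    # With a stored access policy (si), sp and se may live in the policy
    # instead of the URL and cannot be checked from the link alone.
    if "sp" in q:
        extra = set(q["sp"]) - ALLOWED_PERMS
        if extra:
            findings.append("extra permissions: " + "".join(sorted(extra)))
    elif "si" not in q:
        findings.append("no sp and no stored access policy (si)")
    if q.get("spr") != "https":
        findings.append("spr is not 'https': plain HTTP allowed")
    if "se" in q:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # date-only form; SAS times are UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            findings.append("already expired")
        elif expiry - now > max_lifetime:
            findings.append("lifetime exceeds the allowed maximum")
    elif "si" not in q:
        findings.append("no expiry (se) and no stored access policy (si)")
    return findings


if __name__ == "__main__":
    for name, url in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_sas(url, "container-a", NOW))
```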