Permissions required to upload to Azure Container

0
votes

I am trying to give an outside user permission to upload a large file to a container within an Azure data storage account. If I view the overall permissions of the user across the resource group, it looks as follows:

enter image description here

They're saying they can't get access and they need Contributor permissions assigned on the Subscription and the Resource Group too. In my inexperienced mind that indicates they'll have visibility of all the resources. Are they correct or should the permissions I assigned be sufficient?

1
azure

1 Answers

1
votes

The role you're looking for is Storage Blob Data Contributor which would give the user permissions to read, write, and delete Azure Storage containers and blobs. You can assign this role to a user on a specific blob container.

Other option for you would be to create a Shared Access Signature with just Write permission and proper expiry date for a blob container. They can use that to upload a file in that blob container.

Yet another option is to use Azure Data Share service. You can read more about how you can receive files using this service here: https://docs.microsoft.com/en-us/azure/data-share/subscribe-to-data-share.