1
votes

I have created a custom role from a JSON file, and the role name is "Storage Blob Operations_Custom". The purpose of this role is that I would like to give my Azure Admin all the Data Actions except seeing the blob contents in the respective containers. My role definition is given below:

{
    "name": "Storage Blob Operations_Custom",
    "IsCustom": true,
    "Description": "Return a container or list of containers + Perform Data Actions on a blob except reading the blob contents",
    "Actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read"
    ],
    "NotActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
    ],
    "DataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
    ],
    "NotDataActions": [],
    "AssignableScopes": [
        "/subscriptions/<my subscription ID>"
    ]
}

After assigning this role to a particular user, when I log in with that user account, I am not able to upload any blobs to the containers that I have, and I am not able to view the blobs either if I click on any of the containers. Even though my data actions include blobs/delete and blobs/write, why am I not able to view the blobs or upload any blobs? How do I ensure that I can see the blobs (excluding the contents) and perform operations on the blobs, like delete, upload, move and add? Any help is appreciated.


1 Answer

0
votes

How do I ensure that I can see the blob (excluding the contents) and perform operations on the blobs, like delete, upload, move and add?

Unfortunately, you can't. The reason is that there is only one data action (Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read), which is used both for listing the blobs and for reading the contents of a blob. There is no data action just for listing the blobs.


One thing you could do is include this permission and then make use of a Shared Access Signature (SAS) with just the List permission in your application.
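To show why the posted role cannot list blobs, here is an added Python example (not from the question, the answer, or Azure itself) that evaluates an operation against the role definition the way Azure RBAC resolves a single role: an operation is granted when it matches an entry in DataActions (or Actions, for the management plane) and is not matched by NotDataActions (or NotActions), with `*` as a wildcard. The role is the one from the question with its subscription ID left as a placeholder; the blobs/read data action is the one the answer quotes.

```python
import json
import re

# The questioner's custom role, as posted (subscription ID is the original placeholder).
ROLE_AS_POSTED = {
    "Name": "Storage Blob Operations_Custom",
    "IsCustom": True,
    "Actions": ["Microsoft.Storage/storageAccounts/blobServices/containers/read"],
    "NotActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action",
    ],
    "DataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action",
    ],
    "NotDataActions": [],
    "AssignableScopes": ["/subscriptions/<my subscription ID>"],
}

# The single data action that covers both listing blobs and reading their content.
BLOB_READ = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"


def _matches(pattern, operation):
    """Permission strings may contain '*' wildcards; comparison is case-insensitive."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, operation, re.IGNORECASE) is not None


def is_allowed(role, operation, data_action=True):
    """Granted if an allow entry matches and no deny entry matches (one role only)."""
    allow_key, deny_key = ("DataActions", "NotDataActions") if data_action else ("Actions", "NotActions")
    allowed = any(_matches(p, operation) for p in role.get(allow_key, []))
    denied = any(_matches(p, operation) for p in role.get(deny_key, []))
    return allowed and not denied


def can_list_blobs(role):
    """Listing blobs in the portal requires the blobs/read data action."""
    return is_allowed(role, BLOB_READ)


def can_read_blob_content(role):
    """Reading content is the same data action, so this can never differ from can_list_blobs."""
    return is_allowed(role, BLOB_READ)


def with_blob_read(role):
    """The answer's fix: add blobs/read, which unavoidably grants content reads too."""
    fixed = json.loads(json.dumps(role))  # deep copy so the posted role stays untouched
    fixed["DataActions"].append(BLOB_READ)
    return fixed
```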