0
votes

I need to grant AD users the minimum permissions to do the following activities using blob storage. What roles should be assigned?

  1. Access to a storage account with read/write/delete permission on all containers and blobs underneath in Azure Portal

  2. Ability to create SAS token.

Any help is much appreciated, thanks in advance.

1
Please edit your question and describe "Ability to create SAS token for creating external tables in azure data base pointing to the blob containers within the storage account." in more detail. The 1st requirement is pretty straightforward. - Gaurav Mantri
@GauravMantri if the user can create a SAS token it should be OK; the edit is done. - Ajan Balakumaran

1 Answers

2
votes

> Access to a storage account with read/write/delete permission on all containers and blobs underneath in Azure Portal

For this, the Storage Blob Data Contributor role should be sufficient, as it allows read/write/delete permissions to Blob storage resources.

> Ability to create SAS token.

For this, Storage Blob Delegator will be needed.

For a list of Azure built-in roles for blobs, please see here.
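The two role assignments named in the answer, and the user delegation SAS they enable, written as Azure CLI calls. This is an added example, not part of the original answer. The subscription ID, resource group, storage account, user and container names are placeholders, and the `rl` (read, list) SAS permissions are an assumption about what the external tables need.

```shell
#!/bin/sh
# Added example, not from the original post. All resource names are placeholders.
set -eu

SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
RESOURCE_GROUP="${RESOURCE_GROUP:-example-rg}"
STORAGE_ACCOUNT="${STORAGE_ACCOUNT:-examplestorageacct}"

# With DRY_RUN=1, print each az command instead of executing it.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# ARM scope of the single storage account, so neither role is granted on
# the whole resource group or subscription.
storage_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s' \
    "$SUBSCRIPTION_ID" "$RESOURCE_GROUP" "$STORAGE_ACCOUNT"
}

# Admin side: assign the two roles from the answer to one user.
# $1 = user principal name or object ID
grant_blob_roles() {
  for role in "Storage Blob Data Contributor" "Storage Blob Delegator"; do
    run az role assignment create --assignee "$1" --role "$role" \
      --scope "$(storage_scope)"
  done
}

# User side (after `az login`): user delegation SAS for one container.
# $1 = container, $2 = expiry in UTC (e.g. 2030-01-01T00:00Z), at most 7 days out.
# The token is signed with a key obtained through the Delegator role and can
# never do more than the signed-in user's own data role allows.
make_user_delegation_sas() {
  run az storage container generate-sas \
    --account-name "$STORAGE_ACCOUNT" --name "$1" \
    --permissions rl --expiry "$2" --https-only \
    --auth-mode login --as-user --output tsv
}

# Usage: script.sh grant user@example.com
#        script.sh sas mycontainer 2030-01-01T00:00Z
case "${1:-}" in
  grant) grant_blob_roles "$2" ;;
  sas)   make_user_delegation_sas "$2" "$3" ;;
esac
```

Running with `DRY_RUN=1` first shows the exact scope each role will be bound to before anything is changed.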