Controlling storage access means managing who can read, write, or manage data stored in your cloud environment (like Azure Blob Storage or File Shares).
Why It’s Important:
Keeps unauthorized users out
Ensures data security
Supports compliance and auditing
Common Tools Used:
Role-Based Access Control (RBAC) – Assigns permissions based on user roles (e.g., Reader, Contributor)
Access Keys / SAS Tokens – Temporary access without full credentials
Network restrictions – Limit access to certain IP addresses or networks
Step 1 from the Azure portal home page, in the search box, enter storage accounts. Select storage accounts under services.
Step 2 On the storage account blade, under the Data storage submenu, select Containers. Select + Add container.
In the Name field, enter storage-container.
Select Create.
Role 2 Upload a file to the storage container
Step 1 Select the storage container you just created.
step 2 Select Upload and upload the file you prepared.
ROLE 3 Change the access tier
STEP 1Select Cold. Select Save.
ROLE 4 Create a file share
Creating a file share means setting up a shared storage space in the cloud (like in Azure Files) where multiple users or systems can store, access, and share files over a networ
STEP 1 Select storage accounts under services.
Select the storage account you created in the Prepare exercise. The storage account name is the hyperlink to the storage account. (Note: it should be associated with the resource group guided-project-rg.)
On the storage account blade, under the Data storage submenu, select File shares.
Select + File share. On the Basics tab, in the name field enter file-share. On the Backup tab, uncheck Enable backup.
Select Review + create.
Select Create.
Once the file share is created, select Upload.
Upload the same file you uploaded to the blob storage or a different file, it’s up to you.
Select Home to return to the Azure portal home page.
ROLE 5 Create a shared access signature token
A Shared Access Signature (SAS) token is a secure, time-limited link that gives specific access to your cloud storage (like files or blobs) without sharing your main account keys.
Step1 On the storage account blade, select Storage browser.
Expand Blob containers. Select the storage container you created earlier, storage-container.
Step 2 Select the ellipses (three dots) on the end of the line for the image you uploaded.Select Generate SAS.
step3 Set Allowed protocols to HTTPS only.
Select Generate SAS token and URI.
Copy the Blob SAS URL and paste it in another window or tab of your browser. It should display the image you uploaded. Keep this tab or window open
Role 6 Rotate access keys
Rotating access keys means regularly changing your storage or service keys (like those in Azure) to enhance security and reduce the risk of unauthorized access.
step 1
Select storage accounts under services.Expand the Security + networking submenu. Select Access keys.
step 2
For Key 1, select Rotate key.
Read and then acknowledge the warning about regenerating the access key by selecting Yes
Top comments (0)