4

we are trying to set up a storage account where a third party company can come and programmatically collect updated files, we upload a new file, then the company gets an email notification but we are stuck where the company needs a sas token, that’s fine but it’s per blob, does anyone know how we can set up access to storage account for third party for them to programmatically collect the latest files in a secure mannner?

Thanks in advance :)

Zareh Kasparian
  • 517
  • 3
  • 17
Norrin Rad
  • 353
  • 1
  • 4
  • 12

1 Answers1

5

If you want to give access at the container level, specify "container" as the allowed resource type.

enter image description here

CSharpRocks
  • 306
  • 1
  • 4
  • does that give them access to the container and then the 3rd party company can query the account for latest file, what happens when someone generates a new SAS, will the previous stay active until the end date specified in the token? – Norrin Rad Oct 30 '19 at 11:52
  • Q1: Yes. Q2: the previous ones stay active as you can't revoke them. If you want to be able to revoke a SAS, first create a Stored Access Policy then a SAS based on that SAP as you can revoke a SAP. – CSharpRocks Oct 30 '19 at 11:58
  • thanks that’s a great help, one last question if i may, they use the url and the sas token to access the container and extract the latest file added, would they use powershell or internet explorer for this, for individual blobs it’s IE not sure about container files – Norrin Rad Oct 30 '19 at 12:03
  • When using the container URL combined with the SAS with the List permission, they will be able to list the files with any tool/language. – CSharpRocks Oct 30 '19 at 12:26
  • 1
    Hi Guy :) Welcome to SF. It's always nice to see another Canadian MVP around :) – yagmoth555 Oct 30 '19 at 13:03