Securing your Azure Storage accounts is essential for protecting sensitive data. Azure provides multiple layers of security — from network controls and authentication mechanisms to encryption at rest and in transit. This lesson covers the full security stack for Azure Storage, including identity-based access, shared access signatures, network security, encryption, and advanced threat protection.
Azure Storage supports several methods for authenticating and authorising requests:
The recommended approach for production workloads. Use Azure Role-Based Access Control (RBAC) to assign granular permissions.
| Role | Description |
|---|---|
| Storage Blob Data Owner | Full access to Blob Storage data, including managing POSIX ACLs |
| Storage Blob Data Contributor | Read, write, and delete blobs |
| Storage Blob Data Reader | Read-only access to blobs |
| Storage Queue Data Contributor | Read, write, and delete queue messages |
| Storage Table Data Contributor | Read, write, and delete table entities |
```bash
# Assign Blob Data Reader role to a user
az role assignment create \
  --assignee user@example.com \
  --role "Storage Blob Data Reader" \
  --scope /subscriptions/<sub>/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/mystorageaccount
```
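The scope passed to a role assignment decides how far the role reaches, so reviewing existing assignments for over-broad scopes is a useful companion check. The following is an added example, not part of the original lesson: it audits records shaped like `az role assignment list --output json` output (fields `principalName`, `roleDefinitionName`, `scope`) for the data roles in the table above. The policy that anything broader than a single storage account is flagged, the function names, and the sample principals are assumptions made for illustration.

```python
# Data-plane roles from the lesson's table, split by whether they can modify data.
WRITE_ROLES = {"Storage Blob Data Owner", "Storage Blob Data Contributor",
               "Storage Queue Data Contributor", "Storage Table Data Contributor"}
READ_ROLES = {"Storage Blob Data Reader"}
# Assumed policy: a data role scoped wider than one storage account is too broad.
BROAD = {"management-group-or-root", "subscription", "resource-group"}

def scope_level(scope):
    """Classify an ARM scope string by how much it covers."""
    p = scope.strip("/").split("/")
    low = [s.lower() for s in p]
    if low[0] != "subscriptions" or len(p) < 2:
        return "management-group-or-root"
    if len(p) == 2:
        return "subscription"
    if len(p) == 4 and low[2] == "resourcegroups":
        return "resource-group"
    if len(p) >= 8 and low[4:7] == ["providers", "microsoft.storage", "storageaccounts"]:
        # Exactly 8 segments is the account itself; deeper is a container, queue, etc.
        return "account" if len(p) == 8 else "sub-resource"
    return "other-resource"

def audit(assignments):
    """Return sorted (severity, principal, role, level) for over-broad data roles."""
    findings = []
    for a in assignments:
        role = a.get("roleDefinitionName")
        level = scope_level(a.get("scope", ""))
        if role in WRITE_ROLES | READ_ROLES and level in BROAD:
            severity = "high" if role in WRITE_ROLES else "medium"
            findings.append((severity, a.get("principalName") or "", role, level))
    return sorted(findings)

# Constructed sample input: placeholder subscription ID and made-up principals.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ACCT = SUB + "/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
SAMPLE = [
    {"principalName": "user@example.com", "roleDefinitionName": "Storage Blob Data Reader", "scope": ACCT},
    {"principalName": "app-ingest", "roleDefinitionName": "Storage Blob Data Contributor", "scope": SUB + "/resourceGroups/rg-demo"},
    {"principalName": "ops@example.com", "roleDefinitionName": "Storage Blob Data Owner", "scope": SUB},
    {"principalName": "bi@example.com", "roleDefinitionName": "Storage Blob Data Reader", "scope": SUB + "/resourceGroups/rg-demo"},
    {"principalName": "report@example.com", "roleDefinitionName": "Storage Blob Data Reader", "scope": ACCT + "/blobServices/default/containers/reports"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

To run it against a real subscription, load the JSON produced by `az role assignment list --all --output json` and pass the resulting list to `audit()`.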