Azure存储帐户-只读组 [英] Azure Storage Account - Read Only Group
问题描述
我有一个Azure存储帐户,还有一个名为读者"的用户组 我想授予读者"组对存储帐户中所有blob和容器的只读访问权限.
I have an Azure Storage account, and a group of users called 'Readers' I want to give the Readers group read-only access to all blobs and containers in the storage account.
我尝试过: 在存储帐户">访问控制">添加">"
I've tried: In the Storage Account > Access Control > Add >
Role: Storage Blob Data Reader
Assign access to: Azure AD user, group, or application
Select: Readers
但是读者"组中的用户甚至看不到要尝试访问的存储帐户.
But users in the Readers group could not even see the storage account to try and access it.
然后我删除了上面的访问控制并尝试: 我尝试过:在存储帐户">访问控制">添加">
I then removed the above access control and tried: I've tried: In the Storage Account > Access Control > Add >
Role: Reader
Assign access to: Azure AD user, group, or application
Select: Readers
使用此帐户,用户可以看到存储帐户,但不能访问Blobs
With this one, the user could see the storage account but not access Blobs
我也尝试过同时设置这两种设置,并且用户可以看到Blob,但无法访问它们.
I have also tried having both of these set, and the user could see the Blobs but not access them.
有人知道如何授予对blob及其内容的只读访问权限吗?
Does anyone know how to grant Read-Only access to the blobs and its contents?
一个关键要求是,他们不应该能够访问存储帐户的访问密钥.
One key requirement is that they should not be able to get to the Access Keys of the storage account.
推荐答案
当前,存储Blob数据读取器角色处于预览状态.使用RBAC,您只能控制对用于管理该存储帐户的操作的访问,而不能控制对该帐户中数据对象的访问.例如,您可以授予权限以检索存储帐户的属性(例如冗余),但不授予容器或Blob存储内部容器中的数据的权限.建议您使用共享访问签名为Azure Blob存储授予权限.
Currently Storage Blob Data Reader role is in preview. With RBAC you can only control access to the operations used to manage that storage account, but not to the data objects in the account. For example, you can grant permission to retrieve the properties of the storage account (such as redundancy), but not to a container or data within a container inside Blob Storage. I suggest you use Shared Access Signature to grant permissions to Azure blob storage.
有关更多信息,请参阅: https://docs.microsoft. com/en-us/azure/storage/common/storage-security-guide#granting-access
For more information refer: https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide#granting-access
这篇关于Azure存储帐户-只读组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
