I have an application deployed in Azure. The users are authenticated using Entra ID. I would like to give the ability to each user to upload his files and make sure he is the only one able to access them to download them later.

My current idea is to have these files stored in Azure Blob Storage and protected via RBAC. My question is: how to automate the creation of a dedicated folder for each user on demand and make sure that it's protected and can be accessed only by him?

1 Answer

Each user on demand should ensure that the content is protected and can be accessed only by them.

According to this Documentation, first, you need to manually create the folder with the username in the storage account.

By following the above documentation, add a role assignment to the particular user to access the folder using the following expression.

Ensure that the storage accounts included in this condition have a hierarchical namespace enabled or might be enabled in the future.

Portal:

Assign a role assignment with the Storage Blob Data Owner role and condition.

Condition: [screenshot, not preserved]

This will allow access to a specific folder with specific permission for the particular user.

Structure: [screenshot, not preserved]

Reference: Tutorial: Add a role assignment condition to restrict access to blobs using the Azure portal - Azure ABAC - Azure Storage | Microsoft Learn
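
One way to automate the per-user role assignment described in the answer, as an added example that is not part of the original answer: it builds an ABAC condition in Azure's condition syntax and the matching `az role assignment create` arguments. The condition text is constructed here (the answer's own condition was only in a screenshot); the function names, the targeted action list and the folder-name character set are assumptions.

```python
import re

_CONTAINERS = "Microsoft.Storage/storageAccounts/blobServices/containers"
_CONTAINER_RE = re.compile(r"[a-z0-9][a-z0-9-]{1,61}[a-z0-9]")
# Conservative folder charset: no quote, slash or wildcard reaches the condition.
_FOLDER_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._@-]{0,127}")
_GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def _exempt(action: str, extra: str = "") -> str:
    # "!(ActionMatches{...})" means: the condition only constrains this action.
    return f"  !(ActionMatches{{'{_CONTAINERS}/blobs/{action}'}}{extra})"


def build_condition(container: str, folder: str) -> str:
    """ABAC condition limiting blob read/write/add/delete to '<folder>/'."""
    if not _CONTAINER_RE.fullmatch(container) or "--" in container:
        raise ValueError(f"invalid container name: {container!r}")
    if not _FOLDER_RE.fullmatch(folder):
        raise ValueError(f"invalid folder name: {folder!r}")
    # Assumption: these four actions are the ones to constrain. Any other data
    # action the role grants is NOT restricted by this condition, and
    # Blob.List is excluded, so listing is not limited by path.
    targeted = "\n  AND\n".join([
        _exempt("read", " AND NOT SubOperationMatches{'Blob.List'}"),
        _exempt("write"),
        _exempt("add/action"),
        _exempt("delete"),
    ])
    return (
        f"(\n (\n{targeted}\n )\n OR\n (\n"
        f"  @Resource[{_CONTAINERS}:name] StringEquals '{container}'\n"
        f"  AND\n"
        f"  @Resource[{_CONTAINERS}/blobs:path] StringStartsWith '{folder}/'\n"
        f" )\n)"
    )


def az_role_assignment_args(object_id: str, scope: str, condition: str) -> list:
    """argv for `az role assignment create`; pass as a list, never via a shell."""
    if not _GUID_RE.fullmatch(object_id):
        raise ValueError("object_id must be the user's Entra object ID (GUID)")
    return ["az", "role", "assignment", "create",
            "--assignee-object-id", object_id,
            "--assignee-principal-type", "User",
            "--role", "Storage Blob Data Owner",
            "--scope", scope,
            "--condition", condition,
            "--condition-version", "2.0"]
```

Run the returned list with `subprocess.run(args, check=True)` under an identity allowed to create role assignments, and compare `TARGET_ACTIONS` equivalents in the condition against the data actions of the role you actually assign.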
