In this section, we will check AD authentication for storage.
- Azure gives many different ways to access the content of storage account. We have already seen Access Keys, Shared access signatures.
- Microsoft also offers role based access aka (RBAC) as shown below.
- This access control is pretty familiar and available to almost every resource.
- Now, we can click on role assignments and we can see list of applications which are granted access.
- Now, I can click on Add
- We can grant access as individual, contributor, reader etc. If we scroll further down, then we can see storage level access.
- Now, I have added dave black as storage blob reader access. This will take couple of minutes to propagate.
- Any application which authenticated with Azure AD have an user with the name as dave black will have reader access to this storage account. In this we are using role based access to control the access to the storage accounts. We can see that user is added to the storage account.