Jan Pavtel Jan Pavtel - 1 year ago 69
Java Question

Is it possible to generate SAS (Shared Access Signature) with write permission for given directory in azure blob storage

Our blob storage account structure:

container name: simple

inside this container we have blobs:


Is it possible to generate SAS with write permission for aa “directory”, but no access for bb “directory”?

With Amazon AWS we can easily create restrictions based on object/blob prefix name, but I can't find similar functionality in azure storage sdk for java.

Answer Source

As of today, it is not possible to do so at the folder level because as such there's no folder in Azure Blob Storage.

You can either create a SAS at a container level or at the blob level. If you want your users to only upload files with certain names, you can very well create a SAS with write permission on the blob name. Blob need not be present when you're creating a SAS.

Thus when your users upload a file using this SAS, it will be saved as a blob that you have chosen to name. So what you will do is create a SAS for a blob named bb/ss.zip and give it to a user. When the user uploads the file, it will be saved as bb/ss.zip in your blob container.