Intro

My notes on Shared Access Signature (SAS). A shared access signature (SAS) is a URI that grants restricted access rights to Azure Storage resources

Dcoumentation

• Grant limited access to Azure Storage resources using shared access signatures (SAS)

•  

Tips and Tidbits

• Shared access signature (SAS) provides secure delegated access to resources.

• SAS offers granular control over data access, including the ability to limit access to an individual storage object, such as a blob, restricting such access to a custom time window, as well as filtering network access to a designated IP address range.

• By distributing a shared access signature URI to these clients, you grant them access to a resource for a specified period of time.

• SAS is a secure way to share your storage resources without compromising your account keys.

• There are two types of SAS: account and service.

  • The account SAS delegates access to resources in one or more of the storage services.

  • The service SAS delegates access to a resource in just one of the storage services.

    
    
    

SAS Fields

• Be careful with SAS start time. If you set the start time for a SAS to now, then due to clock skew (differences in current time according to different machines), failures may be observed intermittently for the first few minutes.

  • In general, set the start time to be at least 15 minutes in the past. Or, don't set it at all, which will make it valid immediately in all cases.

  • The same generally applies to expiry time as well - remember that you may observe up to 15 minutes of clock skew in either direction on any request.

Copying A File With A SAS Token

Note the SAS token ?sv=2020-02-10&ss=b&srt=sco&sp=rlc&se=2021-03-16T10:42:13Z&st=2021-03-13T02:42:13Z&spr=https&sig=%2B%2FFF52GVJ0vfKF%2F6l%2BLY9DjvAiToW2shr8VQNbeEl%2Bs%3D is added after the destination path which includes the container name container1 and filename in the container az30306ablob.html