Settings for using Azure Blob Storage

Access permissions for containers and objects

When using an account SAS to upload objects to Azure Blob Storage or download objects from Azure Blob Storage, specify the account SAS permissions as shown in the table below.

For details on how to grant permissions, refer to the respective Azure documents provided by Microsoft.

When using the upload function, the required permissions are the same whether "New Creation" or "Replace" is specified for Registration Mode in the Receive Management Information.

Table 2.6 Required permissions for object upload

| Receive Management Information: Registration Mode | Service | Resource | Permission |
|---|---|---|---|
| New Creation | Blob | Container, Object | Read, Write |
| Replace | Blob | Container, Object | Read, Write |

Table 2.7 Required permissions for object download

| Service | Resource | Permission |
|---|---|---|
| Blob | Object | Read |
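The following check is an added example, not part of the original documentation or the product: it compares the ss (services), srt (resource types) and sp (permissions) fields of an account SAS query string with Tables 2.6 and 2.7 and reports what is missing and what exceeds the tables. The function name and the sample tokens are constructed for illustration; the letters b, c, o, r and w are the standard account SAS codes for Blob, Container, Object, Read and Write.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs

# Account SAS query fields: ss = services, srt = resource types, sp = permissions.
# Required values transcribed from Tables 2.6 (upload) and 2.7 (download).
REQUIRED = {
    "upload": {"ss": "b", "srt": "co", "sp": "rw"},
    "download": {"ss": "b", "srt": "o", "sp": "r"},
}


def audit_account_sas(token, operation, now=None):
    """Compare an account SAS query string with the permissions the tables require.

    Returns a dict: 'missing' and 'excess' map field -> sorted letters,
    'expired' is True when the se (expiry) field is absent or in the past.
    """
    fields = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    if "ss" not in fields or "srt" not in fields:
        raise ValueError("not an account SAS: ss/srt fields are absent")
    missing, excess = {}, {}
    for name, needed in REQUIRED[operation].items():
        granted = set(fields.get(name, ""))
        if set(needed) - granted:
            missing[name] = "".join(sorted(set(needed) - granted))
        if granted - set(needed):
            excess[name] = "".join(sorted(granted - set(needed)))
    now = now or datetime.now(timezone.utc)
    expired = True
    if "se" in fields:
        expiry = datetime.fromisoformat(fields["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)
        expired = expiry <= now
    return {"missing": missing, "excess": excess, "expired": expired}


# Constructed sample tokens (signatures are placeholders, not real credentials).
BROAD = "sv=2022-11-02&ss=bfqt&srt=sco&sp=rwdlacup&se=2030-01-01T00:00:00Z&sig=PLACEHOLDER"
TIGHT = "sv=2022-11-02&ss=b&srt=co&sp=rw&se=2030-01-01T00:00:00Z&sig=PLACEHOLDER"

if __name__ == "__main__":
    for label, tok in (("broad", BROAD), ("tight", TIGHT)):
        print(label, audit_account_sas(tok, "upload"))
```

A token that passes for upload still shows excess entries when audited for download, which is the case for issuing a separate, narrower SAS to systems that only download.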

When using Azure Active Directory (Azure AD) authentication with a managed identity for an Azure resource to upload objects to Azure Blob Storage or download objects from Azure Blob Storage, specify the Azure role permissions as shown in the table below.

For details on how to grant permissions, refer to the respective Azure documents provided by Microsoft.

When using the upload function, the required permissions differ according to whether "New Creation" or "Replace" is specified for Registration Mode in the Receive Management Information.

Table 2.8 Required permissions for object upload

| Receive Management Information: Registration Mode | Permission: Azure role-based access control (Azure RBAC) |
|---|---|
| New Creation | Microsoft.Storage/storageAccounts/blobServices/containers/read |
| New Creation | Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read |
| New Creation | Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action |
| New Creation | Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write |
| Replace | Microsoft.Storage/storageAccounts/blobServices/containers/read |
| Replace | Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write |

Table 2.9 Required permissions for object download

| Permission: Azure role-based access control (Azure RBAC) |
|---|
| Microsoft.Storage/storageAccounts/blobServices/containers/read |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read |