Create Azure access controls
Learn how to create Azure access controls.
- Navigate to and select the Azure storage account for which you want to create access controls:
- In the Microsoft Azure portal, select Storage Accounts.
- Select the Storage Account you previously created in Create an Azure storage account.
- On the Storage account page, select Access Control.
- On the Access Control page, select the + New Role button.
- On the Create a custom role page, complete the Roles tab:
-
Custom role name: Enter a name for this custom role.
Tip: Take note of this value. -
Description:: Enter a brief description of this role.
-
Baseline permissions: Leave at the default Clone a role option.
-
Role to clone:: From the drop-down menu, select Storage blob data contributor.
-
- Select the JSON tab and specify the permissions for this role:
- Select Edit and replace the
permissions
section with the following:"permissions": [ { "actions": [ "Microsoft.Storage/storageAccounts/blobServices/containers/read", "Microsoft.Storage/storageAccounts/blobServices/containers/write" ], "notActions": [], "dataActions": [ "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read", "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" ], "notDataActions": [] } ]
- Select Save.
- Select Edit and replace the
- At the bottom of the page, select the Review and Create button.
- In the Review and Create tab, review the details of the custom role:
-
Basics
-
Permissions
-
Assignable Scopes
-
- At the bottom of the page, select Create.
- In the displayed You have successfully created the custom role confirmation message, select OK.
- On the Access Control (IAM) page, in the Roles tab, create role assignments:
- From the top menu bar, select .
- On the Add role assignment page, in the Role tab, highlight the name of your new custom role abd then select the Members tab.
- Complete the Members tab:
-
Selected role: View the name of your custom role.
-
Assign access to: Leave the default User, group, or service principal option selected.
-
Members: Select + Select members and in the panel displayed on the right, search for and select the Application Display Name you created in Create Azure client credentials. Selected members are displayed in the table in this section.
-
Description: Enter a brief description of the role members.
-
- At the bottom of the page, select Review + assign.
- In the Review + assign tab, review the details you specified:
-
Role
-
Scope
-
Members
-
Description
-
Condition
-
- At the bottom of the page, select Review + assign again.
- Back on the Access Control (IAM) page, after the Adding Role assignment notification clears, view your new custom role in the list.