Create Azure access controls

Learn how to create Azure access controls.

Before you create Azure access controls, you must have created Azure client credentials. For more information, see Create Azure client credentials.
Azure grants access to resources based on the Azure role assigned to an application service principal. Create access controls to associate a role with the Azure client credentials for accessing your Azure account storage container.
To create Azure access controls:
  1. Navigate to and select the Azure storage account for which you want to create access controls.
    1. In the Microsoft Azure portal, select Storage Accounts.
    2. Select the Storage Account you previously created in Create an Azure storage account.
  2. On the Storage account page, select Access Control.
  3. On the Access Control page, select the + New Role button.
  4. On the Create a custom role page, complete the Roles tab:
    • Custom role name: Enter a name for this custom role.

      Tip: Take note of this value. You'll need it when you Create event notification integrations in Snowflake (Azure).
    • Description: Enter a brief description of this role.

    • Baseline permissions: Leave at the default Clone a role option.

    • Role to clone: From the drop-down menu, select Storage blob data contributor.

  5. Select the JSON tab and specify the permissions for this role:
    1. Select Edit and replace the permissions section with the following:
      "permissions": [
          {
              "actions": [
                  "Microsoft.Storage/storageAccounts/blobServices/containers/read",
                  "Microsoft.Storage/storageAccounts/blobServices/containers/write"
              ],
              "notActions": [],
              "dataActions": [
                  "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
                  "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
              ],
              "notDataActions": []
          }
      ]
    2. Select Save.
  6. At the bottom of the page, select the Review and Create button.
  7. In the Review and Create tab, review the following details of the custom role, and then at the bottom of the page select Create:
    • Basics

    • Permissions

    • Assignable Scopes

  8. In the displayed You have successfully created the custom role confirmation message, select OK.
  9. On the Access Control (IAM) page, in the Roles tab, create role assignments:
    1. From the top menu bar, select Add > Add role assignment.
    2. On the Add role assignment page, in the Role tab, highlight the name of your new custom role and then select the Members tab.
    3. Complete the Members tab:
      • Selected role: View the name of your custom role.

      • Assign access to: Leave the default User, group, or service principal option selected.

      • Members: Select + Select members and in the panel displayed on the right, search for and select the Application Display Name you created in Create Azure client credentials. Selected members are displayed in the table in this section.

      • Description: Enter a brief description of the role members.

    4. At the bottom of the page, select Review + assign.
    5. In the Review + assign tab, review the details you specified:
      • Role

      • Scope

      • Members

      • Description

      • Condition

    6. At the bottom of the page, select Review + assign again.
  10. Back on the Access Control (IAM) page, after the Adding Role assignment notification clears, view your new custom role in the list.
For general information, see Assign an Azure role for access to blob data - Azure Storage in the Microsoft Azure documentation.
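One way to confirm that the saved custom role carries only the permissions from step 5, with nothing left over from the cloned Storage blob data contributor role. This is an added example, not part of the original page or the vendor's tooling. It assumes the role JSON has its permissions either at the top level or nested under properties; audit_role, sample_role and the role name are hypothetical.

```python
import json

PREFIX = "Microsoft.Storage/storageAccounts/blobServices/containers/"
# Operations from step 5 of the procedure, lower-cased for comparison.
EXPECTED = {
    "actions": {(PREFIX + s).lower() for s in ("read", "write")},
    "notActions": set(),
    "dataActions": {(PREFIX + s).lower() for s in ("blobs/read", "blobs/write")},
    "notDataActions": set(),
}

def audit_role(role_json):
    """Return findings for a role definition; an empty list means it matches step 5."""
    doc = json.loads(role_json)
    props = doc.get("properties", doc)  # assumption: permissions may be nested here
    findings = []
    for key, expected in EXPECTED.items():
        granted = {op.lower() for block in props.get("permissions", [])
                   for op in block.get(key, [])}
        findings += [f"{'wildcard' if '*' in op else 'extra'} {key}: {op}"
                     for op in sorted(granted - expected)]
        findings += [f"missing {key}: {op}" for op in sorted(expected - granted)]
    return findings

def sample_role(extra_actions=(), extra_data=()):
    """Constructed sample role definition (the role name is hypothetical)."""
    block = {
        "actions": [PREFIX + s for s in ("read", "write", *extra_actions)],
        "notActions": [],
        "dataActions": [PREFIX + s for s in ("blobs/read", "blobs/write", *extra_data)],
        "notDataActions": [],
    }
    return json.dumps({"properties": {"roleName": "example-custom-role",
                                      "permissions": [block]}})

if __name__ == "__main__":
    print("edited role:", audit_role(sample_role()))
    # Constructed case: delete permissions were left in after cloning.
    for finding in audit_role(sample_role(["delete"], ["blobs/delete"])):
        print(finding)
```

An empty result means the role grants exactly the four operations listed in step 5; any "extra" or "wildcard" finding is a permission to remove before assigning the role to the service principal.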