azure:az-500:data_and_application_security

Differences

This shows you the differences between two versions of the page.

azure:az-500:data_and_application_security [2022/06/27 01:08] – [Shared Access Signature (SAS)] mmuze
azure:az-500:data_and_application_security [2022/07/22 00:59] (current) mmuze
Line 4: Line 4:
  
 ===== Configure security for storage ===== ===== Configure security for storage =====
 +  * [[azure:azure_storage|Azure Storage]]
   * [[azure:az-500:Storage Security]]   * [[azure:az-500:Storage Security]]
   * Configure access control for storage accounts   * Configure access control for storage accounts
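Review bot: the added bullet `[[azure:azure_storage|Azure Storage]]` at the top of this list is a cross-reference, while the bullets below it (for example "Configure access control for storage accounts") read as tasks under the heading. Consider marking it as a see-also link or moving it out of the list so the two kinds of entry are not mixed. The link target is also written in lower case with an underscore where the neighbouring link is written `[[azure:az-500:Storage Security]]`; pick one form for link targets on this page.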
Line 28: Line 29:
   * Configure backup and recovery of certificates, secrets, and keys   * Configure backup and recovery of certificates, secrets, and keys
  
-====== Storage Account Access ====== 
-  * [[https://docs.microsoft.com/en-us/learn/modules/storage-security/4-shared-access-signatures]] 
-  * [[https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview]] 
-  * [[https://docs.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory|Azure AD]] is the recommended way to provide authorization for storage account access. 
-  * A [[https://docs.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy|stored access policy]] is an additional level of protection that can be used in conjunction with service-level shared access signatures (SAS) authentication. It provides and expiration date and permissions that can be used independent of the SAS token/URL. This provides more flexibility for revoking access. 
- 
-===== Shared Access Signature (SAS) ===== 
-  * A **user delegation** SAS is secured with Azure Active Directory (Azure AD) credentials and also by the permissions specified for the SAS. A user delegation SAS applies to Blob storage only. 
-  * A **service SAS** is secured with the storage account key. A service SAS delegates access to a resource in only one of the Azure Storage services: Blob storage, Queue storage, Table storage, or Azure Files. 
-  * An **account SAS** is secured with the storage account key. An account SAS delegates access to resources in one or more of the storage services. All of the operations available via a service or user delegation SAS are also available via an account SAS. 
  
 ===== Azure Key Vault ===== ===== Azure Key Vault =====
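Review bot: nothing in this revision shows where the removed "Storage Account Access" and "Shared Access Signature (SAS)" notes now live, and the new revision carries no edit summary. If they were moved to `[[azure:az-500:Storage Security]]` or to the newly linked `[[azure:azure_storage|Azure Storage]]`, say so in the summary, and confirm that the two security-relevant statements survive the move: that Azure AD is the recommended way to authorize storage account access, and that a stored access policy allows revoking access independent of the SAS token/URL. If the text is carried over, also fix "It provides and expiration date" to "an expiration date".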
Line 123: Line 114:
 ===== § ===== ===== § =====
   * [[azure:az-500:Azure Monitor]]   * [[azure:az-500:Azure Monitor]]
 +
 +====== HDInsight ======
 +  * To support multiuser access an HDInsight cluster requires AADDS.
  
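Review bot: "AADDS" in the added HDInsight bullet is not expanded anywhere on the visible lines; spell it out on first use (Azure Active Directory Domain Services) so the requirement is searchable and unambiguous. The new `====== HDInsight ======` heading also uses six equals signs, a higher level than the `===== § =====` section it follows, so check that a top-level heading is intended at this point in the page. A comma after "To support multiuser access" would make the bullet easier to read.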
  • azure/az-500/data_and_application_security.1656292125.txt.gz
  • Last modified: 2022/06/27 01:08
  • by mmuze