Differences

This shows you the differences between two versions of the page.

--- azure:az-500:storage_security [2022/07/20 19:07] – mmuze
+++ azure:az-500:storage_security [2022/07/20 19:08] (current) – [Shared Access Signature(SAS)] mmuze
@@ Line 30: / Line 30: @@
   * The only way to revoke a SAS (that was signed by a key) is to revoke (regenerate) the access key that was used to sign it. This is not ideal because that key could be used in other ways and this would be a disruptive operation. That is where a **stored access policy** can be of use (for service-level SAS only).
+  * There are tree types of SAS, user delegated, service SAS and account SAS.
   * A **user delegation** SAS is secured with Azure Active Directory (Azure AD) credentials and also by the permissions specified for the SAS. A user delegation SAS applies to Blob storage only.
   * A **service SAS** is secured with the storage account key. A service SAS delegates access to a resource in only one of the Azure Storage services: Blob storage, Queue storage, Table storage, or Azure Files. A service-level SAS applies to just one service (e.g. blob, Azure Files...).