You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/blobs/storage-auth-abac-attributes.md
+27-1Lines changed: 27 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ author: pauljewellmsft
6
6
ms.author: pauljewell
7
7
ms.service: azure-blob-storage
8
8
ms.topic: conceptual
9
-
ms.date: 02/07/2024
9
+
ms.date: 04/01/2024
10
10
ms.reviewer: nachakra
11
11
---
12
12
@@ -340,6 +340,7 @@ The following table summarizes the available attributes by source:
340
340
||[Blob index tags [Keys]](#blob-index-tags-keys)| Index tags on a blob resource (keys); available only for storage accounts where hierarchical namespace is not enabled |
341
341
||[Blob index tags [Values in key]](#blob-index-tags-values-in-key)| Index tags on a blob resource (values in key); available only for storage accounts where hierarchical namespace is not enabled |
342
342
||[Blob prefix](#blob-prefix)| Allowed prefix of blobs to be listed |
343
+
||[List blob include](#list-blob-include)| Information that can be included with listing operations, such as metadata, snapshots, or versions |
343
344
||[Snapshot](#snapshot)| The Snapshot identifier for the Blob snapshot |
344
345
||[Version ID](#version-id)| The version ID of the versioned blob; available only for storage accounts where hierarchical namespace is not enabled |
345
346
|**Resource**|||
@@ -348,6 +349,7 @@ The following table summarizes the available attributes by source:
348
349
||[Blob index tags [Values in key]](#blob-index-tags-values-in-key)| Index tags on a blob resource (values in key) |
349
350
||[Blob path](#blob-path)| Path of a virtual directory, blob, folder or file resource |
350
351
||[Container name](#container-name)| Name of a storage container or file system |
352
+
||[Container metadata](#container-metadata)| Metadata key/value pair associated with a container |
351
353
||[Encryption scope name](#encryption-scope-name)| Name of the encryption scope used to encrypt data |
352
354
||[Is current version](#is-current-version)| Whether the resource is the current version of the blob |
353
355
||[Is hierarchical namespace enabled](#is-hierarchical-namespace-enabled)| Whether hierarchical namespace is enabled on the storage account |
@@ -436,6 +438,18 @@ The following table summarizes the available attributes by source:
> |**Examples**|`@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:name] StringEquals 'blobs-example-container'`<br/>[Example: Read, write, or delete blobs in named containers](storage-auth-abac-examples.md#example-read-write-or-delete-blobs-in-named-containers)|
438
440
441
+
### Container metadata
442
+
443
+
> [!div class="mx-tdCol2BreakAll"]
444
+
> | Property | Value |
445
+
> | --- | --- |
446
+
> |**Display name**| Container metadata |
447
+
> |**Description**| Metadata key/value pair associated with a container.<br/>Use when you want to check specific metadata for a container. *Currently in preview.*|
> |**Examples**|`@Resource[Microsoft.Storage/storageAccounts/blobServices/containers/metadata:testKey] StringEquals 'testValue'`<br/>[Example: Read blobs in a container with specific metadata](storage-auth-abac-examples.md#example-read-blobs-in-container-with-specific-metadata)<br/>[Example: Write or delete blobs in container with specific metadata](storage-auth-abac-examples.md#example-write-or-delete-blobs-in-container-with-specific-metadata)|
452
+
439
453
### Encryption scope name
440
454
441
455
> [!div class="mx-tdCol2BreakAll"]
@@ -489,6 +503,18 @@ The following table summarizes the available attributes by source:
489
503
> |**Examples**|`@Environment[isPrivateLink] BoolEquals true`<br/>[Example: Require private link access to read blobs with high sensitivity](storage-auth-abac-examples.md#example-require-private-link-access-to-read-blobs-with-high-sensitivity)|
490
504
> |**Learn more**|[Use private endpoints for Azure Storage](../common/storage-private-endpoints.md)|
491
505
506
+
### List blob include
507
+
508
+
> [!div class="mx-tdCol2BreakAll"]
509
+
> | Property | Value |
510
+
> | --- | --- |
511
+
> |**Display name**| List blob include |
512
+
> |**Description**| Information that can be included with a [List Blobs](/rest/api/storageservices/list-blobs) operation, such as metadata, snapshots, or versions.<br/>Use when you want to allow or restrict values for the `include` parameter when calling the [List Blobs](/rest/api/storageservices/list-blobs) operation.<br/>*Currently in preview. Available only for storage accounts where hierarchical namespace is not enabled.*|
> |**Examples**|`@Request[Microsoft.Storage/storageAccounts/blobServices/containers/blobs:include] ForAllOfAnyValues:StringEqualsIgnoreCase {'metadata', 'snapshots', 'versions'}`<br/>`@Request[Microsoft.Storage/storageAccounts/blobServices/containers/blobs:include] ForAllOfAllValues:StringNotEquals {'metadata'}`<br/>[Example: Allow list blob operation to include blob metadata, snapshots, or versions](storage-auth-abac-examples.md#example-allow-list-blob-operation-to-include-blob-metadata-snapshots-or-versions)<br/>[Example: Restrict list blob operation to not include blob metadata](storage-auth-abac-examples.md#example-restrict-list-blob-operation-to-not-include-blob-metadata)|
0 commit comments