You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/common/storage-sas-overview.md
+2-5Lines changed: 2 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -33,13 +33,13 @@ Azure Storage supports three types of shared access signatures:
33
33
34
34
### User delegation SAS
35
35
36
-
A user delegation SAS is secured with Microsoft Entra credentials and also by the permissions specified for the SAS. A user delegation SAS is supported for Blob Storage and Data Lake Storage. It's not currently supported for Queue Storage, Table Storage, or Azure Files.
36
+
A user delegation SAS is secured with Microsoft Entra credentials and also by the permissions specified for the SAS. A user delegation SAS is supported for Blob Storage and Data Lake Storage, and can be used for calls to `blob` endpoints and `dfs` endpoints. It's not currently supported for Queue Storage, Table Storage, or Azure Files.
37
37
38
38
For more information about the user delegation SAS, see [Create a user delegation SAS (REST API)](/rest/api/storageservices/create-user-delegation-sas).
39
39
40
40
### Service SAS
41
41
42
-
A service SAS is secured with the storage account key. A service SAS delegates access to a resource in only one of the Azure Storage services: Blob storage, Data Lake Storage, Queue storage, Table storage, or Azure Files.
42
+
A service SAS is secured with the storage account key. A service SAS delegates access to a resource in only one of the Azure Storage services: Blob storage (including Data Lake Storage and `dfs` endpoints), Queue storage, Table storage, or Azure Files.
43
43
44
44
For more information about the service SAS, see [Create a service SAS (REST API)](/rest/api/storageservices/create-service-sas).
45
45
@@ -50,7 +50,6 @@ An account SAS is secured with the storage account key. An account SAS delegates
50
50
You can also delegate access to the following:
51
51
52
52
- Service-level operations (For example, the **Get/Set Service Properties** and **Get Service Stats** operations).
53
-
54
53
- Read, write, and delete operations that aren't permitted with a service SAS.
55
54
56
55
For more information about the account SAS, [Create an account SAS (REST API)](/rest/api/storageservices/create-account-sas).
@@ -128,9 +127,7 @@ Many real-world services may use a hybrid of these two approaches. For example,
128
127
Additionally, a SAS is required to authorize access to the source object in a copy operation in certain scenarios:
129
128
130
129
- When you copy a blob to another blob that resides in a different storage account. You can optionally use a SAS to authorize access to the destination blob, as well.
131
-
132
130
- When you copy a file to another file that resides in a different storage account. You can optionally use a SAS to authorize access to the destination file, as well.
133
-
134
131
- When you copy a blob to a file, or a file to a blob. You must use a SAS even if the source and destination objects reside within the same storage account.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments