Merge pull request #190507 from tamram/tamram22-0303

Table RBAC GA

Author: laurabren

articles/storage/blobs/assign-azure-role-data-access.md

@@ -48,8 +48,6 @@ You can also assign an Azure Resource Manager role that provides additional perm
 
 > [!NOTE]
 > Prior to assigning yourself a role for data access, you will be able to access data in your storage account via the Azure portal because the Azure portal can also use the account key for data access. For more information, see [Choose how to authorize access to blob data in the Azure portal](../blobs/authorize-data-operations-portal.md).
->
-> The preview version of Storage Explorer in the Azure portal does not support using Azure AD credentials to view and modify blob data. Storage Explorer in the Azure portal always uses the account keys to access data. To use Storage Explorer in the Azure portal, you must be assigned a role that includes **Microsoft.Storage/storageAccounts/listkeys/action**.
 
 # [PowerShell](#tab/powershell)
 

articles/storage/blobs/authorize-data-operations-portal.md

@@ -54,9 +54,6 @@ For information about the built-in roles that support access to blob data, see [
 
 Custom roles can support different combinations of the same permissions provided by the built-in roles. For more information about creating Azure custom roles, see [Azure custom roles](../../role-based-access-control/custom-roles.md) and [Understand role definitions for Azure resources](../../role-based-access-control/role-definitions.md).
 
-> [!NOTE]
-> The preview version of Storage Explorer in the Azure portal does not support using Azure AD credentials to view and modify blob data. Storage Explorer in the Azure portal always uses the account keys to access data. To use Storage Explorer in the Azure portal, you must be assigned a role that includes **Microsoft.Storage/storageAccounts/listkeys/action**.
-
 ## Navigate to blobs in the Azure portal
 
 To view blob data in the portal, navigate to the **Overview** for your storage account, and click on the links for **Blobs**. Alternatively you can navigate to the **Containers** section in the menu.

articles/storage/common/authorize-data-access.md

@@ -24,7 +24,7 @@ The following table describes the options that Azure Storage offers for authoriz
 | Azure Files (SMB) | [Supported](/rest/api/storageservices/authorize-with-shared-key/) | Not supported | [Supported, only with AAD Domain Services](../files/storage-files-active-directory-overview.md) | [Supported, credentials must be synced to Azure AD](../files/storage-files-active-directory-overview.md) | Not supported |
 | Azure Files (REST) | [Supported](/rest/api/storageservices/authorize-with-shared-key/) | [Supported](storage-sas-overview.md) | Not supported | Not supported | Not supported |
 | Azure Queues | [Supported](/rest/api/storageservices/authorize-with-shared-key/) | [Supported](storage-sas-overview.md) | [Supported](../queues/authorize-access-azure-active-directory.md) | Not Supported | Not supported |
-| Azure Tables | [Supported](/rest/api/storageservices/authorize-with-shared-key/) | [Supported](storage-sas-overview.md) | [Supported](../tables/authorize-access-azure-active-directory.md) (preview) | Not supported | Not supported |
+| Azure Tables | [Supported](/rest/api/storageservices/authorize-with-shared-key/) | [Supported](storage-sas-overview.md) | [Supported](../tables/authorize-access-azure-active-directory.md) | Not supported | Not supported |
 
 Each authorization option is briefly described below:
 

articles/storage/common/identity-library-acquire-token.md

@@ -36,7 +36,7 @@ When an Azure AD security principal attempts to access data in an Azure Storage
 
 - [Assign an Azure role for access to blob data](../blobs/assign-azure-role-data-access.md)
 - [Assign an Azure role for access to queue data](../queues/assign-azure-role-data-access.md)
-- [Assign an Azure role for access to table data (preview)](../tables/assign-azure-role-data-access.md)
+- [Assign an Azure role for access to table data](../tables/assign-azure-role-data-access.md)
 
 > [!NOTE]
 > When you create an Azure Storage account, you are not automatically assigned permissions to access data via Azure AD. You must explicitly assign yourself an Azure role for Azure Storage. You can assign it at the level of your subscription, resource group, storage account, or container, queue, or table.

articles/storage/queues/assign-azure-role-data-access.md

@@ -49,8 +49,6 @@ You can also assign an Azure Resource Manager role that provides additional perm
 
 > [!NOTE]
 > Prior to assigning yourself a role for data access, you will be able to access data in your storage account via the Azure portal because the Azure portal can also use the account key for data access. For more information, see [Choose how to authorize access to queue data in the Azure portal](../queues/authorize-data-operations-portal.md).
->
-> The preview version of Storage Explorer in the Azure portal does not support using Azure AD credentials to view and modify queue data. Storage Explorer in the Azure portal always uses the account keys to access data. To use Storage Explorer in the Azure portal, you must be assigned a role that includes **Microsoft.Storage/storageAccounts/listkeys/action**.
 
 # [PowerShell](#tab/powershell)
 

articles/storage/queues/authorize-data-operations-portal.md

@@ -52,9 +52,6 @@ For information about the built-in roles that support access to queue data, see
 
 Custom roles can support different combinations of the same permissions provided by the built-in roles. For more information about creating Azure custom roles, see [Azure custom roles](../../role-based-access-control/custom-roles.md) and [Understand role definitions for Azure resources](../../role-based-access-control/role-definitions.md).
 
-> [!NOTE]
-> The preview version of Storage Explorer in the Azure portal does not support using Azure AD credentials to view and modify queue data. Storage Explorer in the Azure portal always uses the account keys to access data. To use Storage Explorer in the Azure portal, you must be assigned a role that includes **Microsoft.Storage/storageAccounts/listkeys/action**.
-
 ## Navigate to queues in the Azure portal
 
 To view queue data in the portal, navigate to the **Overview** for your storage account, and click on the links for **Queues**. Alternatively you can navigate to the **Queue service** section in the menu.

articles/storage/tables/assign-azure-role-data-access.md

@@ -1,35 +1,37 @@
 ---
-title: Assign an Azure role for access to table data (preview)
+title: Assign an Azure role for access to table data
 titleSuffix: Azure Storage
-description: Learn how to assign permissions for table data (preview) to an Azure Active Directory security principal with Azure role-based access control (Azure RBAC). Azure Storage supports built-in and Azure custom roles for authentication and authorization via Azure AD.
+description: Learn how to assign permissions for table data to an Azure Active Directory security principal with Azure role-based access control (Azure RBAC). Azure Storage supports built-in and Azure custom roles for authentication and authorization via Azure AD.
 services: storage
 author: tamram
 
 ms.service: storage
 ms.topic: how-to
-ms.date: 07/13/2021
+ms.date: 03/03/2022
 ms.author: tamram
-ms.reviewer: dineshm
+ms.reviewer: nachakra
 ms.subservice: common 
 ms.custom: devx-track-azurepowershell, devx-track-azurecli 
 ms.devlang: azurecli
 ---
 
-# Assign an Azure role for access to table data (preview)
+# Assign an Azure role for access to table data
 
-Azure Active Directory (Azure AD) authorizes access rights to secured resources through [Azure role-based access control (Azure RBAC)](../../role-based-access-control/overview.md). Azure Storage defines a set of Azure built-in roles that encompass common sets of permissions used to access table data in Azure Storage (preview).
+Azure Active Directory (Azure AD) authorizes access rights to secured resources through [Azure role-based access control (Azure RBAC)](../../role-based-access-control/overview.md). Azure Storage defines a set of Azure built-in roles that encompass common sets of permissions used to access table data in Azure Storage.
 
 When an Azure role is assigned to an Azure AD security principal, Azure grants access to those resources for that security principal. An Azure AD security principal may be a user, a group, an application service principal, or a [managed identity for Azure resources](../../active-directory/managed-identities-azure-resources/overview.md).
 
 To learn more about using Azure AD to authorize access to table data, see [Authorize access to tables using Azure Active Directory](authorize-access-azure-active-directory.md).
 
-> [!IMPORTANT]
-> Authorization with Azure AD for tables is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
-
 ## Assign an Azure role
 
 You can use PowerShell, Azure CLI, or an Azure Resource Manager template to assign a role for data access.
 
+> [!IMPORTANT]
+> The Azure portal does not currently support assigning an Azure RBAC role that is scoped to the table. To assign a role with table scope, use PowerShell, Azure CLI, or Azure Resource Manager.
+>
+> You can use the Azure portal to assign a role that grants access to table data to an Azure Resource Manager resource, such as the storage account, resource group, or subscription.
+
 # [PowerShell](#tab/powershell)
 
 To assign an Azure role to a security principal, call the [New-AzRoleAssignment](/powershell/module/az.resources/new-azroleassignment) command. The format of the command can differ based on the scope of the assignment. In order to run the command, you must have a role that includes **Microsoft.Authorization/roleAssignments/write** permissions assigned to you at the corresponding scope or above.
@@ -81,7 +83,6 @@ Keep in mind the following points about Azure role assignments in Azure Storage:
 
 - When you create an Azure Storage account, you are not automatically assigned permissions to access data via Azure AD. You must explicitly assign yourself an Azure role for Azure Storage. You can assign it at the level of your subscription, resource group, storage account, or table.
 - If the storage account is locked with an Azure Resource Manager read-only lock, then the lock prevents the assignment of Azure roles that are scoped to the storage account or a table.
-- The preview version of Storage Explorer in the Azure portal does not support using Azure AD credentials to view and modify table data. Storage Explorer in the Azure portal always uses the account keys to access data. To use Storage Explorer in the Azure portal, you must be assigned a role that includes **Microsoft.Storage/storageAccounts/listkeys/action**.
 
 ## Next steps
 

articles/storage/tables/authorize-access-azure-active-directory.md

@@ -1,7 +1,7 @@
 ---
-title: Authorize access to tables using Active Directory (preview)
+title: Authorize access to tables using Active Directory
 titleSuffix: Azure Storage
-description: Authorize access to Azure tables using Azure Active Directory (Azure AD) (preview). Assign Azure roles for access rights. Access data with an Azure AD account.
+description: Authorize access to Azure tables using Azure Active Directory (Azure AD). Assign Azure roles for access rights. Access data with an Azure AD account.
 services: storage
 author: tamram
 
@@ -12,17 +12,14 @@ ms.author: tamram
 ms.subservice: common
 ---
 
-# Authorize access to tables using Azure Active Directory (preview)
+# Authorize access to tables using Azure Active Directory
 
-Azure Storage supports using Azure Active Directory (Azure AD) to authorize requests to table data (preview). With Azure AD, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, group, or application service principal. The security principal is authenticated by Azure AD to return an OAuth 2.0 token. The token can then be used to authorize a request against the Table service.
+Azure Storage supports using Azure Active Directory (Azure AD) to authorize requests to table data. With Azure AD, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, group, or application service principal. The security principal is authenticated by Azure AD to return an OAuth 2.0 token. The token can then be used to authorize a request against the Table service.
 
 Authorizing requests against Azure Storage with Azure AD provides superior security and ease of use over Shared Key authorization. Microsoft recommends using Azure AD authorization with your table applications when possible to assure access with minimum required privileges.
 
 Authorization with Azure AD is available for all general-purpose in all public regions and national clouds. Only storage accounts created with the Azure Resource Manager deployment model support Azure AD authorization.
 
-> [!IMPORTANT]
-> Authorization with Azure AD for tables is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
-
 ## Overview of Azure AD for tables
 
 When a security principal (a user, group, or application) attempts to access a table resource, the request must be authorized. With Azure AD, access to a resource is a two-step process. First, the security principal's identity is authenticated and an OAuth 2.0 token is returned. Next, the token is passed as part of a request to the Table service and used by the service to authorize access to the specified resource.
@@ -78,4 +75,4 @@ For details on the permissions required to call specific Table service operation
 ## Next steps
 
 - [Authorize access to data in Azure Storage](../common/authorize-data-access.md)
-- [Assign an Azure role for access to table data](assign-azure-role-data-access.md)
+- [Assign an Azure role for access to table data](assign-azure-role-data-access.md)

articles/storage/tables/authorize-managed-identity.md

@@ -1,5 +1,5 @@
 ---
-title: Authorize access to table data with a managed identity (preview)
+title: Authorize access to table data with a managed identity
 titleSuffix: Azure Storage
 description: Use managed identities for Azure resources to authorize table data access from applications running in Azure VMs, function apps, and others.
 services: storage
@@ -15,7 +15,7 @@ ms.devlang: csharp
 ms.custom: devx-track-csharp
 ---
 
-# Authorize access to table data with managed identities for Azure resources (preview)
+# Authorize access to table data with managed identities for Azure resources
 
 Azure Table Storage supports Azure Active Directory (Azure AD) authentication with [managed identities for Azure resources](../../active-directory/managed-identities-azure-resources/overview.md). Managed identities for Azure resources can authorize access to table data using Azure AD credentials from applications running in Azure virtual machines (VMs), function apps, virtual machine scale sets, and other services. By using managed identities for Azure resources together with Azure AD authentication, you can avoid storing credentials with your applications that run in the cloud.
 
@@ -82,4 +82,4 @@ public static void CreateTable(string accountName, string tableName)
 ## Next steps
 
 - [Assign an Azure role for access to table data](assign-azure-role-data-access.md)
-- [Authorize access to tables using Azure Active Directory (preview)](authorize-access-azure-active-directory.md)
+- [Authorize access to tables using Azure Active Directory](authorize-access-azure-active-directory.md)