0

Assuming I already have a Storage Account SAS URI configured. How can I connect from outside the network to that Storage Account and which file sharing client should I use? What values do I need to configure it and where are they in the Storage Account - Azure AD? How do I give different permissions to different users? By Roles?

I tried to create a Storage Account SAS URI and a Shared Access Key. I tried connecting from WinSCP using those endpoints. I can't find the username and password. Do you know a method similar to this, but that works?

Many Thanks

Kenzo_Gilead
  • 2,187
  • 9
  • 35
  • 60

1 Answers1

1

If you enable SFTP for Azure Blob Storage, you will have an endpoint that you can access via WinSCP and the ability to create users with differing permissions to control access.

Anthony Norwood
  • 357
  • 1
  • 7
  • Hi Anthony. I can´t use it for standards of the company. But thanks – Kenzo_Gilead Feb 07 '23 at 16:18
  • That's going to limit you; unless your Azure Blob Storage has SFTP enabled you won't be able to connect from a tool such as WinSCP. You could use Powershell to connect and manipulate files, but it's a bit more technical. In terms of permissions, that would be granted via the SAS token (when you created it, you'll have seen that you can modify the permissions granted to it) or if users can use their own Azure AD accounts you can use RBAC roles. I'd recommend using Access Policies if you use SAS tokens, as you can create an access policy and then create a SAS token against it. – Anthony Norwood Feb 07 '23 at 16:22
  • I am able to configure sFTP enabled in the Storage Account. Then, which IP or hostname I should use in WinSCP? User and pass? Blob endpoint is not working. Thanks – Kenzo_Gilead Feb 07 '23 at 16:30
  • Everything you need should be [in this documentation](https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support-how-to?tabs=azure-portal) for that – Anthony Norwood Feb 07 '23 at 16:34
  • Great. It seems that I was looking. It is not clear for me if an external vendor could access to this Storage Account? And How can I set the password for the user? Without using Signature? Many Thanks – Kenzo_Gilead Feb 07 '23 at 16:48
  • [This section of the doc](https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support-how-to?tabs=azure-portal#configure-permissions) talks about how to create users and set permissions. You don't need to use SAS for SFTP. – Anthony Norwood Feb 07 '23 at 17:06
  • Already read it. But it is enoguh for me. Please, if you change your answer, I will vote you as correct answer., – Kenzo_Gilead Feb 07 '23 at 17:18
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/251728/discussion-between-elias-mp-and-anthony-norwood). – Kenzo_Gilead Feb 08 '23 at 15:16