Skip to main content

A Shared Access Signature (SAS) is an important element in providing a secure way to grant limited access to resources on Azure. It works much like a token, granting permissions to clients to access specific resources without sharing your account keys. This blog post will guide you through setting up a Shared Access Signature on Microsoft Azure Portal.

Please follow the step-by-step instructions to setup a Shared Access Signature on the Microsoft Azure Portal:

  1. After logging into the Microsoft Azure Portal. Select the Storage account.

  2. On the menu bar click on [Configuration]

  3. Enable “Allow recommended upper limit for shared access signature (SAS) expiry interval”

  4. Set the “Recommended upper limit for SAS expiry interval”, for example to 3654 days.

  5. Click on [Save] to continue.

  6. On the menu bar click on [Shared access signature].

  7. In “Allowed services” unselect; File, Queue, and Table.

  8. In “Allowed resources types” select; Service, Container, and Objects

  9. In “Allowed permissions” unselect Delete and Permanent delete.

  10. In “Blob versioning permissions” unselect “Enables deletion of versions”.

  11. In “Start and expiry date/time”, for example set the end date to 10 years in the future.

  12. Click on [Generate SAS and connection string] to continue.

  13. Make a copy of the “Connection string” and “SAS token”