You have been assigned either a built-in or custom role that provides access to blob data.To access blob data from the Azure portal using your Azure AD account, both of the following statements must be true for you: For more information, see Classic subscription administrator roles, Azure roles, and Azure AD administrator roles. The Owner role includes all actions, including the Microsoft.Storage/storageAccounts/listkeys/action, so a user with one of these administrative roles can also access blob data with the account key.
The classic subscription administrator roles Service Administrator and Co-Administrator include the equivalent of the Azure Resource Manager Owner role. If you have not been assigned a role with this action, then the portal attempts to access data using your Azure AD account. If you have been assigned a role with this action, then the portal uses the account key for accessing blob data. When you attempt to access blob data in the Azure portal, the portal first checks whether you have been assigned a role with Microsoft.Storage/storageAccounts/listkeys/action. The Azure Resource Manager Contributor role.Built-in roles that support Microsoft.Storage/storageAccounts/listkeys/action include the following, in order from least to greatest permissions: This Azure role may be a built-in or a custom role. To access blob data with the account access key, you must have an Azure role assigned to you that includes the Azure RBAC action Microsoft.Storage/storageAccounts/listkeys/action. For more information about Azure RBAC, see What is Azure role-based access control (Azure RBAC)?. In most cases, these permissions are provided via Azure role-based access control (Azure RBAC). Permissions needed to access blob dataĭepending on how you want to authorize access to blob data in the Azure portal, you'll need specific permissions. By default the portal uses whichever method you are already using to authorize a blob upload operation, but you have the option to change this setting when you upload a blob.
You can also specify how to authorize an individual blob upload operation in the Azure portal. The portal indicates which method you are using, and enables you to switch between the two if you have the appropriate permissions. A request to Azure Storage can be authorized using either your Azure AD account or the storage account access key. When you access blob data using the Azure portal, the portal makes requests to Azure Storage under the covers.