Rajnish, MCT

Rajnish Kumar Jha, MCT: DevOps, Azure, Microsoft Certified Trainer

DevOps, Cloud, Azure resources & blog

You are here :► Rajnish Kumar Jha, MCT: DevOps, Azure, Microsoft Certified TrainerBlogAzure StorageExplore full list of SAS parameters in Azure URI

Explore full list of SAS parameters in Azure URI

Written by

Rajnish Kumar Jha

/

Under the topic

/

Dated:

Table Of Content

In Azure Storage, a Shared Access Signature (SAS) URI grants delegated access to resources in your storage account.

Understanding the structure of a SAS URI and its components is essential for secure and effective access management.

Structure of a SAS URI

A SAS URI typically consists of two main parts:

1. Resource URI

The base URL pointing to the specific storage resource (e.g., blob, container, file share).

2. SAS Token

A query string appended to the resource URI, containing parameters that define the scope, permissions, and validity of the SAS.

Example:

Components of the SAS Token

The SAS token includes several query parameters that specify the details of the access granted:

  • sv (Signed Version): The storage service version to use when handling requests made with this SAS.

  • st (Signed Start): The UTC time when the SAS becomes valid.

  • se (Signed Expiry): The UTC time after which the SAS is no longer valid.

  • sr (Signed Resource): The resource the SAS applies to. Common values include:

    • b for blob

    • c for container

    • f for file

    • s for share

  • sip (Signed IP): The IP address or range from which requests will be accepted.

  • spr (Signed Protocol): The protocol permitted for requests made with the SAS (e.g., https).

  • si (Signed Identifier): A unique value that correlates to an access policy specified for the resource.

  • sdd (Signed Directory Depth): The directory depth for directory-scoped access (relevant for hierarchical namespaces).

  • skt (Signed Key Start): The UTC time when the key becomes valid.

  • ske (Signed Key Expiry): The UTC time after which the key is no longer valid.

  • sks (Signed Services): The services accessible with the SAS (e.g., blob, file).

  • srt (Signed Resource Types): The resource types accessible with the SAS (e.g., service, container, object).

  • sp (Signed Permissions): The permissions granted by the SAS (e.g., read, write, delete).

  • sip (Signed IP): The IP address or range from which requests will be accepted.

  • spr (Signed Protocol): The protocol permitted for requests made with the SAS (e.g., https).

  • si (Signed Identifier): A unique value that correlates to an access policy specified for the resource.

  • sdd (Signed Directory Depth): The directory depth for directory-scoped access (relevant for hierarchical namespaces).

  • skt (Signed Key Start): The UTC time when the key becomes valid.

  • ske (Signed Key Expiry): The UTC time after which the key is no longer valid.

  • sks (Signed Services): The services accessible with the SAS (e.g., blob, file).

  • srt (Signed Resource Types): The resource types accessible with the SAS (e.g., service, container, object).

  • sp (Signed Permissions): The permissions granted by the SAS (e.g., read, write, delete).

  • sip (Signed IP): The IP address or range from which requests will be accepted.

  • spr (Signed Protocol): The protocol permitted for requests made with the SAS (e.g., https).

  • si (Signed Identifier): A unique value that correlates to an access policy specified for the resource.

  • sdd (Signed Directory Depth): The directory depth for directory-scoped access (relevant for hierarchical namespaces).

  • skt (Signed Key Start): The UTC time when the key becomes valid.

  • ske (Signed Key Expiry): The UTC time after which the key is no longer valid.

  • sks (Signed Services): The services accessible with the SAS (e.g., blob, file).

  • srt (Signed Resource Types): The resource types accessible with the SAS (e.g., service, container, object).

  • sp (Signed Permissions): The permissions granted by the SAS (e.g., read, write, delete).

  • sip (Signed IP): The IP address or range from which requests will be accepted.

  • spr (Signed Protocol): The protocol permitted for requests made with the SAS (e.g., https).

  • si (Signed Identifier): A unique value that correlates to an access policy specified for the resource.

  • sdd (Signed Directory Depth): The directory depth for directory-scoped access (relevant for hierarchical namespaces).

  • skt (Signed Key Start): The UTC time when the key becomes valid.

  • ske (Signed Key Expiry): The UTC time after which the key is no longer valid.

  • sks (Signed Services): The services accessible with the SAS (e.g., blob, file).

  • srt (Signed Resource Types): The resource types accessible with the SAS (e.g., service, container, object).

  • sp (Signed Permissions): The permissions granted by the SAS (e.g., read

 

Related Articles

What are the Authorization options for Azure Storage

What are the Authorization options for Azure St…

Azure Storage offers several authorization options to c…

Let’s compare storage for File Shares and Blob data in Azure

Let’s compare storage for File Shares and…

Azure offers Azure Files for file shares and Azure Blob…

Learn about the Authorization options in Azure Storage

Learn about the Authorization options in Azure …

Azure Storage provides several authorization options to…

Learn about best practices in Azure Storage security

Learn about best practices in Azure Storage sec…

To enhance the security of your Azure Storage, follow t…

Tags attached to this Post

About the Author

Rajnish Kumar Jha

MCT, MCSA, MCSE, MCAD, MCPD, MCTS, MCSD

My name is Rajnish Kumar Jha. I am Technical architect on Azure Cloud and .NET since 21+ years. I’ve worked for pioneer companies and as freelance trainer/consultant helping my clients to achieve their IT goals.

I find blogging, a great way to share back what I’ve learned all through my professional journey. You are welcome to connect or share feedback/suggestion here or through an email.

Featured Courses

Learn Azure DevOps from Scratch for Free

Rajnish Kumar Jha

MCT, MCSA, MCSE, MCAD, MCPD, MCTS, MCSD

My name is Rajnish Kumar Jha. I am Technical architect on Azure Cloud and .NET since 21+ years. I’ve worked for pioneer companies and as freelance trainer/consultant helping my clients to achieve their IT goals.

I find blogging, a great way to share back what I’ve learned all through my professional journey. You are welcome to connect or share feedback/suggestion here or through an email.

My MCT card (Microsoft)

My Certifications

Rajnish, MCT

Popular Posts

Popular TAGS

AZ-104 (41) Azure (41) Azure Administration (41) Azure ARM Template (2) Azure Bicep (2) Azure Policy (2) Azure RBAC (4) Azure Solution Expert (41) Cloud (41) Cloud Administration (41) Microsoft Azure (41) Microsoft Entra (11)

Popular Category

Azure Backup (29) Azure Compute (63) Azure DevOps (351) Azure Fundamentals (14) Azure Governance (12) Azure Identity (14) Azure Monitoring (40) Azure Storage (51) Azure Virtual Networks (48)

Table Of Content

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Unlock the full potential of Azure Cloud with me
– Your trusted guide to Azure mastery!

SUBSCRIBE

My newsletter for exclusive content and offers. Type email and hit Enter.

No spam ever. Unsubscribe anytime.
Read the Privacy Policy.

Follow me on social media

Stay ahead of the curve
with the latest Azure tips, trends, and updates.

LinkedIn -|- GitHub -|- YouTube -|- Facebook -|- Twitter-|- Pinterest -|- Instagram