How to provide limited Public Access to a Container in a Storage Account?

Mateo Estrada Bazan 81 Reputation points
2023-01-13T20:37:27.7833333+00:00

Hello everybody!

Me and my team are using Azure Synapse Analytics to ingest data from a REST API to a Azure Data Lake Storage Gen2, in order to create views automatically.

The only way we could manage to do this in our Workspace was by previously changing the Public Access Level to the Container inside our Storage Account to "Container (anonymous read access for containers and blobs)".

Is there any way to avoid doing this, and just enable this level of access to containers for a certain (limited) amount of users / IPs, perhaps keeping it "Private (no anonymous access)"?

Screenshot from 2023-01-13 17-35-15.png

Thank you very much in advance.

Kind regards,
Mateo

Azure Data Lake Storage
Azure Data Lake Storage
An Azure service that provides an enterprise-wide hyper-scale repository for big data analytic workloads and is integrated with Azure Blob Storage.
1,466 questions
Azure Storage Explorer
Azure Storage Explorer
An Azure tool that is used to manage cloud storage resources on Windows, macOS, and Linux.
259 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,149 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,843 questions
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,917 questions
0 comments
Accepted answer
  1. SaiKishor-MSFT 17,231 Reputation points
    2023-01-13T23:23:31.11+00:00

    @Mateo Estrada Bazan Thanks for reaching out to Microsoft Q&A. I understand that you want to be able to restrict access to your ADLS Gen2 account for a certain user/IPs only so you can disable Public access to the same, is that right?

    The best/easiest way to do the same would be by adding the IPs in the firewall as shown below-

    Firewall

    Link to the document- [https://video2.skills-academy.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal#change-the-default-network-access-rule

    With ADLS Gen2, you also have the option to restrict it per container/Blob in a better and more elaborate way using Access Control Lists. Please go through this document for more details- [https://video2.skills-academy.com/en-us/azure/storage/blobs/data-lake-storage-access-control

    Hope this helps. If you are looking for more assistance, please do let us know and we will be glad to assist further. Thank you!

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.