SASQueryParametersOptions interface

Options to construct SASQueryParameters.

Properties

agentObjectId

Unauthorized AAD Object ID in GUID format. The AAD Object ID of a user that is assumed to be unauthorized by the owner of the User Delegation Key. The Azure Storage Service will perform an additional POSIX ACL check to determine if the user is authorized to perform the requested operation. This cannot be used in conjuction with <xref:signedAuthorizedUserObjectId>. This is only used for User Delegation SAS.

cacheControl

Value for cache-control header in Blob/File Service SAS.

contentDisposition

Value for content-disposition header in Blob/File Service SAS.

contentEncoding

Value for content-encoding header in Blob/File Service SAS.

contentLanguage

Value for content-length header in Blob/File Service SAS.

contentType

Value for content-type header in Blob/File Service SAS.

correlationId

A GUID value that will be logged in the storage diagnostic logs and can be used to correlate SAS generation with storage resource access. This is only used for User Delegation SAS.

directoryDepth

Indicate the depth of the directory specified in the canonicalizedresource field of the string-to-sign. The depth of the directory is the number of directories beneath the root folder.

encryptionScope

Optional. Encryption scope to use when sending requests authorized with this SAS URI.

expiresOn

Optional only when identifier is provided. The expiry time for this SAS token.

identifier

Optional. The signed identifier (only for <xref:BlobSASSignatureValues>).

See https://docs.microsoft.com/en-us/rest/api/storageservices/establishing-a-stored-access-policy

ipRange

Optional. IP ranges allowed in this SAS.

permissions

Optional only when identifier is provided. Please refer to AccountSASPermissions, <xref:BlobSASPermissions>, or <xref:ContainerSASPermissions> for more details.

preauthorizedAgentObjectId

Authorized AAD Object ID in GUID format. The AAD Object ID of a user authorized by the owner of the User Delegation Key to perform the action granted by the SAS. The Azure Storage service will ensure that the owner of the user delegation key has the required permissions before granting access but no additional permission check for the user specified in this value will be performed. This cannot be used in conjuction with <xref:signedUnauthorizedUserObjectId>. This is only used for User Delegation SAS.

protocol

Optional. The allowed HTTP protocol(s).

resource

Optional. Specifies which resources are accessible via the SAS (only for <xref:BlobSASSignatureValues>).

See https://docs.microsoft.com/rest/api/storageservices/create-service-sas#specifying-the-signed-resource-blob-service-only

resourceTypes

Optional. The storage resource types being accessed (only for Account SAS). Please refer to AccountSASResourceTypes for more details.

services

Optional. The storage services being accessed (only for Account SAS). Please refer to AccountSASServices for more details.

startsOn

Optional. The start time for this SAS token.

userDelegationKey

User delegation key properties.

Property Details

agentObjectId

Unauthorized AAD Object ID in GUID format. The AAD Object ID of a user that is assumed to be unauthorized by the owner of the User Delegation Key. The Azure Storage Service will perform an additional POSIX ACL check to determine if the user is authorized to perform the requested operation. This cannot be used in conjuction with <xref:signedAuthorizedUserObjectId>. This is only used for User Delegation SAS.

agentObjectId?: string

Property Value

string

cacheControl

Value for cache-control header in Blob/File Service SAS.

cacheControl?: string

Property Value

string

contentDisposition

Value for content-disposition header in Blob/File Service SAS.

contentDisposition?: string

Property Value

string

contentEncoding

Value for content-encoding header in Blob/File Service SAS.

contentEncoding?: string

Property Value

string

contentLanguage

Value for content-length header in Blob/File Service SAS.

contentLanguage?: string

Property Value

string

contentType

Value for content-type header in Blob/File Service SAS.

contentType?: string

Property Value

string

correlationId

A GUID value that will be logged in the storage diagnostic logs and can be used to correlate SAS generation with storage resource access. This is only used for User Delegation SAS.

correlationId?: string

Property Value

string

directoryDepth

Indicate the depth of the directory specified in the canonicalizedresource field of the string-to-sign. The depth of the directory is the number of directories beneath the root folder.

directoryDepth?: number

Property Value

number

encryptionScope

Optional. Encryption scope to use when sending requests authorized with this SAS URI.

encryptionScope?: string

Property Value

string

expiresOn

Optional only when identifier is provided. The expiry time for this SAS token.

expiresOn?: Date

Property Value

Date

identifier

Optional. The signed identifier (only for <xref:BlobSASSignatureValues>).

See https://docs.microsoft.com/en-us/rest/api/storageservices/establishing-a-stored-access-policy

identifier?: string

Property Value

string

ipRange

Optional. IP ranges allowed in this SAS.

ipRange?: SasIPRange

Property Value

permissions

Optional only when identifier is provided. Please refer to AccountSASPermissions, <xref:BlobSASPermissions>, or <xref:ContainerSASPermissions> for more details.

permissions?: string

Property Value

string

preauthorizedAgentObjectId

Authorized AAD Object ID in GUID format. The AAD Object ID of a user authorized by the owner of the User Delegation Key to perform the action granted by the SAS. The Azure Storage service will ensure that the owner of the user delegation key has the required permissions before granting access but no additional permission check for the user specified in this value will be performed. This cannot be used in conjuction with <xref:signedUnauthorizedUserObjectId>. This is only used for User Delegation SAS.

preauthorizedAgentObjectId?: string

Property Value

string

protocol

Optional. The allowed HTTP protocol(s).

protocol?: SASProtocol

Property Value

resource

Optional. Specifies which resources are accessible via the SAS (only for <xref:BlobSASSignatureValues>).

See https://docs.microsoft.com/rest/api/storageservices/create-service-sas#specifying-the-signed-resource-blob-service-only

resource?: string

Property Value

string

resourceTypes

Optional. The storage resource types being accessed (only for Account SAS). Please refer to AccountSASResourceTypes for more details.

resourceTypes?: string

Property Value

string

services

Optional. The storage services being accessed (only for Account SAS). Please refer to AccountSASServices for more details.

services?: string

Property Value

string

startsOn

Optional. The start time for this SAS token.

startsOn?: Date

Property Value

Date

userDelegationKey

User delegation key properties.

userDelegationKey?: UserDelegationKey

Property Value