| title | Create and manage a storage task assignment |
|---|---|
| titleSuffix | Azure Storage Actions |
| description | Learn how to create an assignment, and then enable that assignment to run. |
| author | normesta |
| ms.service | azure-storage-actions |
| ms.custom | build-2023-metadata-update |
| ms.topic | how-to |
| ms.author | normesta |
| ms.date | 05/05/2025 |
An assignment identifies a storage account and a subset of objects in that account that the task will target. An assignment also defines when the task runs and where execution reports are stored.
This article helps you create an assignment, and then enable that assignment to run. To learn more about storage task assignments, see Storage task assignments.
Important
Before you enable a storage task assignment, make sure that you grant access to trusted Azure services in the network settings of each target storage account. To learn more, see Grant access to trusted Azure services.
Create an assignment for each storage account you want to target. A storage task can contain up to 50 assignments.
Note
In the current release, you can target only storage accounts that are in the same region as the storage tasks.
You can create an assignment in the context of a storage task. This option can be convenient if you're the task author and you want to target multiple storage accounts. For each assignment, you'll identify the storage account that you want to target.
Navigate to the storage task in the Azure portal and then under Storage task management, select Assignments.
In the Assignments page, select + Add assignment and the Add assignment pane will appear.
You can also create an assignment in the context of a storage account. This option can be convenient if you want to use an existing task to process objects in your storage account. For each assignment, you'll identify the storage task that you want to assign to your account.
Navigate to the storage account in the Azure portal and then under Data management, select Storage tasks.
In the Storage tasks page, select the Task assignment tab, select + Create assignment, and then select + Add assignment.
The Add assignment pane appears.
In the Select scope section, select a subscription and name the assignment. Then, select the storage account that you want to target.
If you opened the Add assignment pane in the context of the storage account, you'll select a storage task instead of the storage account.
For a description of each property, see Assignment settings.
In the Role assignment section, in the Role drop-down list, select the role that you want to assign to the managed identity of the storage task. To ensure a successful task assignment, use roles that have the Blob Data Owner permissions. To learn more, see Azure roles required to assign tasks.
Note
You choose the managed identity type (system-assigned or user-assigned) as part of creating the storage task.
For a description of each property, see Assignment settings.
In the Filter objects section, choose whether you want to target a subset of blobs based on a filter. Filters help you narrow the scope of execution. If you want the task to evaluate all of the containers and blobs in an account, then you can select the Do not filter option. The following example uses a filter to target only blobs that exist in a container that is named mycontainer.
For a description of each property, see Assignment settings.
In the Trigger details section, select how often you'd like this task to run. You can run the task only once or on a recurring schedule. If you run it on a recurring schedule, choose a start and end time and specify the number of days between each run. You can also specify where you'd like to store the execution reports.
For a description of each property, see Assignment settings.
Select the Add button to create the assignment.
The Add assignment pane closes. When deployment is complete, the assignment appears in the Assignments page. If you don't see the assignment in that page, then select the Refresh button.
The assignment is disabled by default. To enable the assignment so that it will be scheduled to run, select the checkbox that appears beside the assignment, and then select Enable.
After the task runs, an execution report is generated and then stored in the container that you specified when you created the assignment. For more information about that report as well as how to view metrics that capture the number of objects targeted, the number of operations attempted, and the number of operations that succeeded, see Analyze storage task runs.
An assignment becomes a sub resource of the targeted storage account. Therefore, after you create the assignment, you can edit only its run frequency. The other fields of an assignment become read only. The Single run (only once) option becomes read only as well.
- To edit the run frequency of an assignment in the context of a storage task, navigate to the storage task in the Azure portal and then under Storage task management, select Assignments.
- To edit the run frequency of an assignment in the context of a storage account, navigate to the storage account in the Azure portal and then under Data management, select Storage tasks.
- First, install the necessary PowerShell modules. See Install the PowerShell module.
- Specify how often you'd like the task to run. You can run a task only once or on a recurring schedule. If you run it on a recurring schedule, specify a start and end time and the number of days between each run. You can also specify where you'd like to store the execution reports. The following example creates variables for the trigger values.

  ```powershell
  $startTime = (Get-Date).AddMinutes(10)      # run 10 minutes from now
  $reportPrefix = "my-storage-task-report"    # prefix for execution reports
  $triggerType = "RunOnce"                    # run a single time
  $targetPrefix = "mycontainer/"              # only blobs in mycontainer
  ```
- Get the storage task that you want to include in your assignment by using the `Get-AzStorageActionTask` command.

  ```powershell
  $task = Get-AzStorageActionTask -Name "<storage-task-name>" -ResourceGroupName "<resource-group>"
  ```
- Create a storage task assignment by using the `New-AzStorageTaskAssignment` command. The following assignment targets the `mycontainer` container of an account named `mystorageaccount`. This assignment specifies that the task will run only one time, and will save execution reports to a folder named `storage-tasks-report`. The task is scheduled to run `10` minutes from the present time.

  ```powershell
  New-AzStorageTaskAssignment `
      -ResourceGroupName "<resource-group>" `
      -AccountName "<storage-account-name>" `
      -Name "<storage-task-assignment-name>" `
      -TaskId $task.ID `
      -ReportPrefix $reportPrefix `
      -TriggerType $triggerType `
      -StartOn $startTime.ToUniversalTime() `
      -Description "<description>" `
      -Enabled:$true `
      -TargetPrefix $targetPrefix
  ```
- Give the storage task permission to perform operations on the target storage account by assigning a role to the managed identity. You can choose the managed identity type (system-assigned or user-assigned) when you create the storage task.

  The following commands assign the role of `Storage Blob Data Owner` to the system-assigned managed identity of the storage task.

  ```powershell
  New-AzRoleAssignment `
      -ResourceGroupName "<resource-group>" `
      -ResourceName "<storage-account-name>" `
      -ResourceType "Microsoft.Storage/storageAccounts" `
      -ObjectId $task.IdentityPrincipalId `
      -RoleDefinitionName "Storage Blob Data Owner"
  ```

  The following commands assign the role `Storage Blob Data Owner` to a user-assigned managed identity.

  ```powershell
  $managedIdentity = Get-AzUserAssignedIdentity -ResourceGroupName "<resource-group>" -Name "<user-assigned-managed-identity-name>"
  # -ObjectId expects the identity's principal (object) ID, not its resource ID
  New-AzRoleAssignment `
      -ResourceGroupName "<resource-group>" `
      -ResourceName "<storage-account-name>" `
      -ResourceType "Microsoft.Storage/storageAccounts" `
      -ObjectId $managedIdentity.PrincipalId `
      -RoleDefinitionName "Storage Blob Data Owner"
  ```
- Specify how often you'd like the task to run. You can run a task only once or on a recurring schedule. If you run it on a recurring schedule, specify a start and end time and the number of days between each run. You can also specify where you'd like to store the execution reports. The following creates a JSON-formatted string variable which specifies the container name, the task run frequency (`RunOnce`), and the time to run the report.

  ```bash
  current_datetime=$(date +"%Y-%m-%dT%H:%M:%S")
  executioncontextvariable="{target:{prefix:[mycontainer/],excludePrefix:[]},trigger:{type:'RunOnce',parameters:{startOn:'${current_datetime}'}}}"
  ```

  The string used in the `executioncontextvariable` is expressed by using shorthand syntax. Shorthand syntax is a simplified representation of a JSON string. To learn more, see How to use shorthand syntax with Azure CLI.
- Get the ID of the storage task that you want to include in your assignment by using the `az storage-actions task show` command, and then querying for the `id` property.

  ```bash
  # --output tsv returns the bare ID without the JSON quotation marks
  id=$(az storage-actions task show -g "<resource-group>" -n "<storage-task-name>" --query "id" --output tsv)
  ```
- Create a storage task assignment by using the `az storage account task-assignment create` command.

  ```bash
  az storage account task-assignment create \
      -g '<resource-group>' \
      -n '<storage-task-assignment-name>' \
      --account-name '<storage-account-name>' \
      --description '<description>' \
      --enabled true \
      --task-id "$id" \
      --execution-context "$executioncontextvariable" \
      --report "{prefix:storage-tasks-report}"
  ```
- Give the storage task permission to perform operations on the target storage account by assigning a role to the managed identity. You can choose the managed identity type (system-assigned or user-assigned) when you create the storage task.

  The following commands assign the role of `Storage Blob Data Owner` to the system-assigned managed identity of the storage task.

  ```bash
  storageAccountID=$(az storage account show --name "<storage-account-name>" --resource-group "<resource-group>" --query "id" --output tsv)
  # Principal (object) ID of the storage task's system-assigned managed identity
  principalID=$(az storage-actions task show -g "<resource-group>" -n "<storage-task-name>" --query "identity.principalId" --output tsv)
  roleDefinitionId="b7e6dc6d-f1e8-4753-8033-0f276bb0955b"
  az role assignment create \
      --assignee-object-id "$principalID" \
      --scope "$storageAccountID" \
      --role "$roleDefinitionId" \
      --description "My role assignment"
  ```

  The following commands assign the role `Storage Blob Data Owner` to a user-assigned managed identity.

  ```bash
  storageAccountID=$(az storage account show --name "<storage-account-name>" --resource-group "<resource-group>" --query "id" --output tsv)
  roleDefinitionId="b7e6dc6d-f1e8-4753-8033-0f276bb0955b"
  # --assignee-object-id expects the identity's principal ID, not its resource ID
  identityPrincipalId=$(az identity show --name "<user-assigned-managed-identity-name>" \
      --resource-group "<resource-group>" --query "principalId" --output tsv)
  az role assignment create \
      --assignee-object-id "$identityPrincipalId" \
      --scope "$storageAccountID" \
      --role "$roleDefinitionId" \
      --description "My role assignment"
  ```
Include a snippet similar to the following in your Bicep template.

```bicep
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-02-01' = {
  name: 'mystorageaccount'
  location: 'westus'
  kind: 'StorageV2'
  sku: {
    name: 'Standard_LRS'
  }
}

resource storageAccountName_storageTaskAssignment 'Microsoft.Storage/storageAccounts/storageTaskAssignments@2023-05-01' = {
  parent: storageAccount
  name: 'mystoragetaskassignment'
  properties: {
    taskId: '/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/myresourcegroup/providers/Microsoft.StorageActions/storageTasks/mystoragetask'
    enabled: true
    executionContext: {
      target: {
        prefix: [
          'mycontainer/'
        ]
        excludePrefix: []
      }
      trigger: {
        type: 'RunOnce'
        parameters: {
          startOn: '2025-04-20T21:34:00'
        }
      }
    }
    report: {
      prefix: 'storage-tasks-report'
    }
    description: 'mystoragetaskassignment'
  }
}
```

Include a JSON snippet similar to the following in your Azure Resource Manager template.

```json
"resources": [
  {
    "type": "Microsoft.Storage/storageAccounts",
    "apiVersion": "2021-02-01",
    "name": "mystorageaccount",
    "location": "westus",
    "kind": "StorageV2",
    "sku": {
      "name": "Standard_LRS"
    }
  },
  {
    "type": "Microsoft.Storage/storageAccounts/storageTaskAssignments",
    "apiVersion": "2023-05-01",
    "name": "mystorageaccount/storagetaskassignmentname",
    "properties": {
      "taskId": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/myresourcegroup/providers/Microsoft.StorageActions/storageTasks/mystoragetask",
      "enabled": true,
      "executionContext": {
        "target": {
          "prefix": [
            "mycontainer/"
          ],
          "excludePrefix": []
        },
        "trigger": {
          "type": "RunOnce",
          "parameters": {
            "startOn": "2025-04-20T21:34:00"
          }
        }
      },
      "report": {
        "prefix": "storage-tasks-report"
      },
      "description": "[parameters('storageTaskAssignmentDescription')]"
    },
    "dependsOn": [
      "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
    ]
  }
]
```
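
A pre-deployment review of a template that declares storage task assignments, as an added example (not part of the original article or of any Azure tooling). It flags an assignment with no target prefix, one with no report prefix, a top-level assignment whose name lacks the parent account, and an enabled assignment on an account whose firewall denies by default without the trusted-services bypass. Assumptions: the function names and sample resources are constructed, an empty `prefix` list is treated as "do not filter", and the trusted-services setting is read from the storage account's `networkAcls` property.

```python
ACCOUNT = "Microsoft.Storage/storageAccounts"
ASSIGNMENT = ACCOUNT + "/storageTaskAssignments"

def review_template(template):
    """Return (assignment name, finding) pairs for an ARM template dict."""
    resources = template.get("resources", [])
    accounts = {r.get("name"): r for r in resources if r.get("type") == ACCOUNT}
    findings = []
    for res in resources:
        if res.get("type") != ASSIGNMENT:
            continue
        name, props = res.get("name", ""), res.get("properties", {})
        account_name, _, child = name.partition("/")
        if not child:  # top-level child resources need the parent in the name
            findings.append((name, "name is not '<account>/<assignment>'"))
        # Assumption: an empty prefix list means "do not filter" (whole account).
        if not props.get("executionContext", {}).get("target", {}).get("prefix"):
            findings.append((name, "no target prefix: whole account is in scope"))
        if not props.get("report", {}).get("prefix"):
            findings.append((name, "no report prefix for execution reports"))
        # Trusted-services access: networkAcls.bypass must list AzureServices
        # when the account firewall denies by default.
        acls = accounts.get(account_name, {}).get("properties", {}).get("networkAcls", {})
        bypass = [b.strip() for b in acls.get("bypass", "").split(",")]
        if (props.get("enabled") and acls.get("defaultAction") == "Deny"
                and "AzureServices" not in bypass):
            findings.append((name, "enabled but trusted Azure services are blocked"))
    return findings

def assignment(name, prefix, enabled):
    """Build a constructed sample assignment resource."""
    return {"type": ASSIGNMENT, "name": name, "properties": {
        "enabled": enabled,
        "executionContext": {"target": {"prefix": prefix, "excludePrefix": []}},
        "report": {"prefix": "storage-tasks-report"}}}

# Constructed sample template (not from the article).
SAMPLE = {"resources": [
    {"type": ACCOUNT, "name": "mystorageaccount", "properties": {
        "networkAcls": {"defaultAction": "Deny", "bypass": "Logging, Metrics"}}},
    assignment("mystorageaccount/scoped", ["mycontainer/"], True),
    assignment("mystorageaccount/wide", [], False),
    assignment("unqualified", ["mycontainer/"], True),
]}

if __name__ == "__main__":
    for name, finding in review_template(SAMPLE):
        print(f"{name}: {finding}")
```

To review a real template, load it with `json.load` and pass the resulting dict to `review_template`; only top-level `resources` entries are inspected.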





