You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/common/storage-sas-overview.md
+4-5Lines changed: 4 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,8 +7,7 @@ author: normesta
7
7
ms.author: normesta
8
8
ms.service: azure-storage
9
9
ms.topic: concept-article
10
-
ms.date: 11/21/2024
11
-
ms.reviewer: dineshm
10
+
ms.date: 02/27/2026
12
11
ms.subservice: storage-common-concepts
13
12
# Customer intent: As a cloud architect, I want to implement shared access signatures to securely delegate access to Azure Storage resources, so that I can maintain control over resource permissions and manage access efficiently across various client applications.
14
13
---
@@ -34,13 +33,13 @@ Azure Storage supports three types of shared access signatures:
34
33
35
34
### User delegation SAS
36
35
37
-
A user delegation SAS is secured with Microsoft Entra credentials and also by the permissions specified for the SAS. A user delegation SAS is supported for Blob Storage and Data Lake Storage, and can be used for calls to `blob` endpoints and `dfs` endpoints. It's not currently supported for Queue Storage, Table Storage, or Azure Files.
36
+
A user delegation SAS is secured with Microsoft Entra credentials and also by the permissions specified for the SAS. A user delegation SAS is supported for Blob Storage (including Data Lake Storage and `dfs` endpoints), Queue Storage, Table Storage, or Azure Files.
38
37
39
38
For more information about the user delegation SAS, see [Create a user delegation SAS (REST API)](/rest/api/storageservices/create-user-delegation-sas).
40
39
41
40
### Service SAS
42
41
43
-
A service SAS is secured with the storage account key. A service SAS delegates access to a resource in only one of the Azure Storage services: Blob storage (including Data Lake Storage and `dfs` endpoints), Queue storage, Table storage, or Azure Files.
42
+
A service SAS is secured with the storage account key. A service SAS delegates access to a resource in only one of the Azure Storage services: Blob Storage (including Data Lake Storage and `dfs` endpoints), Queue Storage, Table Storage, or Azure Files.
44
43
45
44
For more information about the service SAS, see [Create a service SAS (REST API)](/rest/api/storageservices/create-service-sas).
46
45
@@ -90,7 +89,7 @@ The following table summarizes how each type of SAS token is authorized.
90
89
91
90
| Type of SAS | Type of authorization |
92
91
| --- | --- |
93
-
| User delegation SAS (Blob Storage and Data Lake Storage only) | Microsoft Entra ID |
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments