Unlocking the Mysteries: Understanding the Contrast Between User Delegation SAS and Service SAS
Understanding the Contrast Between User Delegation SAS and Service SAS by Umesh Pandit

Here are the differences between a User Delegation SAS and a Service SAS:

- User Delegation SAS:
  - It is secured with Microsoft Entra credentials and also by the permissions specified for the SAS.
  - It applies to Blob storage only.
  - To create a User Delegation SAS, you must first request a user delegation key, which you then use to sign the SAS.
  - The user delegation key is analogous to the account key that's used to sign a Service SAS or an Account SAS, except that it relies on your Microsoft Entra credentials.
  - It supports directory scope when the authorization version is 2020-02-10 or later and a hierarchical namespace (HNS) is enabled.
  - It supports an optional user object identifier (OID) that's carried in either the saoid or suoid parameter when the authorization version is 2020-02-10 or later.
  - Stored access policies are not supported for a User Delegation SAS.

- Service SAS:
  - It is secured with the storage account key.
  - It provides access to a resource in one storage service: i.e., a blob, queue, table, or file service.
  - By comparison, an Account SAS provides access to one or more storage services, and you can additionally delegate access to tasks and to read, write, and delete operations.

In terms of security, a User Delegation SAS is considered more secure as it does not rely solely on the permissions included in the SAS token. It also takes into consideration the RBAC permissions of the user who created this SAS token.

This approach provides an additional level of security and avoids the need to store your account access key with your application code.
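To make the contrast concrete for anyone auditing tokens found in configuration files or logs, here is an added example (not from the original article) that classifies a SAS URL by its query parameters and checks the User Delegation constraints listed above. The signed-key parameter names (skoid, sktid, skt, ske, sks, skv) and the account-level ss/srt parameters come from the Azure Storage REST documentation rather than this page; the function name and all sample URLs are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Query parameters that carry the signed user delegation key (Azure Storage REST names).
UDK_FIELDS = {"skoid", "sktid", "skt", "ske", "sks", "skv"}
MIN_VERSION = "2020-02-10"  # version the article gives for directory scope and saoid/suoid

def classify_sas(url):
    """Return (sas_type, findings) for a SAS URL or a bare query string."""
    query = urlsplit(url).query if "://" in url else url.lstrip("?")
    p = {k: v[0] for k, v in parse_qs(query).items()}
    findings = []
    if UDK_FIELDS & set(p):
        sas_type = "user delegation"
        missing = sorted(UDK_FIELDS - set(p))
        if missing:
            findings.append("incomplete delegation key fields: " + ", ".join(missing))
        if "si" in p:
            findings.append("si present: stored access policies are not supported")
        old = p.get("sv", "") < MIN_VERSION  # ISO dates order correctly as strings
        for oid in ("saoid", "suoid"):
            if oid in p and old:
                findings.append(f"{oid} requires sv {MIN_VERSION} or later")
        if p.get("sr") == "d" and old:
            findings.append(f"directory scope requires sv {MIN_VERSION} or later")
    elif "ss" in p and "srt" in p:
        sas_type = "account"
        findings.append("signed with the storage account key")
    elif "sig" in p:
        sas_type = "service"
        findings.append("signed with the storage account key")
    else:
        sas_type = "not a SAS"
    return sas_type, findings

# Constructed samples: placeholder account name, GUIDs and signatures, not real tokens.
_KEY = ("&skoid=00000000-0000-0000-0000-000000000001"
        "&sktid=00000000-0000-0000-0000-000000000002"
        "&skt=2029-12-31T00:00:00Z&ske=2030-01-01T00:00:00Z&sks=b&skv=2022-11-02")
_BASE = "https://example.blob.core.windows.net/container/item?sp=r&se=2030-01-01T00:00:00Z"
SAMPLES = {
    "user delegation, directory scope": _BASE + "&sv=2022-11-02&sr=d&sdd=1" + _KEY
        + "&saoid=00000000-0000-0000-0000-000000000003&sig=PLACEHOLDER",
    "user delegation, old version": _BASE + "&sv=2019-12-12&sr=b&si=policy1" + _KEY
        + "&suoid=00000000-0000-0000-0000-000000000003&sig=PLACEHOLDER",
    "service": _BASE + "&sv=2022-11-02&sr=b&sig=PLACEHOLDER",
    "account": _BASE + "&sv=2022-11-02&ss=b&srt=o&sig=PLACEHOLDER",
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        print(name, "->", classify_sas(url))
```

Tokens that classify as service or account are the ones whose exposure implies an account key is in use somewhere, which is the storage practice the article recommends moving away from.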



Haitham Khalid

Manager Sales | Customer Relations, New Business Development

11 months ago

User delegation SAS is definitely a more secure approach, adding that extra layer of security without needing to store your access key. Dr. Umesh Pandit

Mehandi Islam

I Scale Companies with Automation & AI | Sales & Marketing Automation Specialist | 6+ Years of Experience | CEO & CO-Founder @ GrowthFusion Consultancy LLP

11 months ago

User Delegation SAS adds a valuable layer to your data security protocol.
