Setting Access Control for Containers
[This is prerelease documentation and is subject to change in future releases.]

By default, a container and any blobs within it may be accessed only by the owner of the storage account. If you want to give anonymous users read permissions to a container and its blobs, you can set the access control list (ACL) for the container to allow public access. Anonymous users can read blobs within a publicly accessible container without authenticating the request.

noteNote
If your service requires that you exercise more granular control over blob resources, or if you wish to provide permissions for operations other than read operations, you can use a Shared Access Signature to make a resource accessible to users. See Creating a Shared Access Signature for more information.

The following table shows which operations may be called by anonymous users when a container's ACL is set to allow public access.

 

OperationPermission with anonymous access

List Containers

Owner only

Create Container

Owner only

Get Container Properties

All

Set Container Metadata

Owner only

Get Container ACL

Owner only

Set Container ACL

Owner only

Delete Container

Owner only

List Blobs

All

Put Blob

Owner only

Get Blob

All

Get Blob Properties

All

Get Blob Metadata

All

Set Blob Metadata

Owner only

Put Block

Owner only

Get Block List (committed blocks only)

All

Get Block List (uncommitted blocks only or all blocks)

Owner only

Put Block List

Owner only

Delete Blob

Owner only

See Also

Page view tracker