By default, a container and any blobs within it may be accessed only by the owner of the storage account. If you want to give anonymous users read permissions to a container and its blobs, you can set the access control list (ACL) for the container to allow public access. Anonymous users can read blobs within a publicly accessible container without authenticating the request.
Beginning with the 2009-09-19 version, the container ACL provides the following options for managing container access:
-
Full public read access: Container and blob data can be read via anonymous request. Clients can enumerate blobs within the container via anonymous request, but cannot enumerate containers within the storage account.
-
Public read access for blobs only: Blob data within this container can be read via anonymous request, but container data is not available. Clients cannot enumerate blobs within the container via anonymous request.
-
No public read access: Container and blob data can be read by the account owner only.
If a container is made public using the 2009-09-19 version of Set Container ACL, then all anonymous read access to the container and its resources will use the 2009-09-19 read operations. If a container was made public using a version of Set Container ACL prior to 2009-09-19, then all anonymous read access to the container and its resources will use the use the pre-release default read operations.
.gif) Note |
|
If your service requires that you exercise more granular control over blob resources, or if you wish to provide permissions for operations other than read operations, you can use a Shared Access Signature to make a resource accessible to users. See Creating a Shared Access Signature for more information. |
The following table shows which operations may be called by anonymous users when a container's ACL is set to allow public access.
See Also