Enable Access to Blobs for Finance Department in Azure Subscription

A

Shared Access Signatures (SAS) allows for limited-time fine grained access control to resources. So you can generate URL, specify duration (for month of April) and disseminate URL to 10 team members. On May 1, the SAS token is automatically invalidated, denying team members continued access.

The recommended security solution to enable access to blobs for a specific period of time is Shared Access Signatures (SAS).

Shared Access Signatures (SAS) are a secure way to grant limited access to specific resources in an Azure Storage account. With SAS, you can grant clients access to specific blobs or containers within a storage account for a limited time period. SAS tokens can be created for specific users or applications and can be revoked at any time. This means that you can provide temporary access to specific blobs in a container to the finance department for the month of April only.

Conditional Access policies, certificates, and access keys are not appropriate solutions for this scenario.

Conditional Access policies are used to control access to Azure resources based on specific conditions, such as location, device, and user role. However, they are not designed to provide temporary access to specific blobs within a container.

Certificates are used to authenticate clients and secure communication channels, but they do not provide access to specific resources within a storage account.

Access keys are used to authenticate and authorize access to an entire storage account. They are not designed to provide temporary access to specific blobs within a container.

In summary, Shared Access Signatures (SAS) is the recommended solution to grant temporary access to specific blobs in an Azure Storage account.