I am not sure of the trade-offs between using an access policy for providing time limited access to an azure storage account versus using a shared access signature, since I have always used the shared access signature. Once again, kindly provide the link(s) to documentation so that I can book mark it.
Asked
Active
Viewed 3,633 times
1 Answers
2
Assuming you mean Container/File Share/Queue/Table Access Policy by access policy, an access policy would not mean much till the time you use it to create a Shared Access Signature. Ideally your question should have been whether to use an ad-hoc shared access signature versus access policy based shared access signature.
It is generally recommended that you use a shared access signature that makes use of an access policy instead of generating an ad-hoc shared access signature. The primary benefit of using it is that you can tweak the shared access signature simply by changing the parameters of an access policy. Furthermore revocation of a shared access signature is much easier when created using an access policy. You can simply delete the access policy or it's identifier and shared access signature becomes invalid. For revoking an ad-hoc shared access signature, you will need to regenerate you account key.
More information about shared access signature best practices can be found here: https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview#best-practices-when-using-sas.
Gaurav Mantri
- 128,066
- 12
- 206
- 241