(Admin) Granting data access permissions - adamoshen/cbspeeches GitHub Wiki
Users must first be added to the Microsoft Azure organization (the "organization" is the Microsoft Azure subscription service). Once a user has been invited (even if they have not yet accepted the invitation), their data access privileges can be modified.
1. Granting user access to Microsoft Azure organization
- Log in to the Microsoft Azure portal.
- In the left-side menu bar, select "All services".
- Find the service "Microsoft Entra ID".
- In the left-side menu, navigate to "Manage" -> "Users".
- In the main pane, click "+ New User" -> "Invite external user".
- Fill out the information in the "Basics" tab. The email address must be a Microsoft email address, whether a personal email address or an enterprise email address (work / school, etc.). Optionally, under the "Properties" tab, set the User Type to either Guest or Member. Click "Review + Invite" when done.
2. Assigning data access permissions
- Return to "All services" via the left-side menu bar.
- Find the service "Storage accounts".
- Select the storage account (cbspeeches1). Proceed to Step 4 to grant permissions for the storage account. To only grant permissions for the specific storage container (cbspeeches), navigate to "Data storage" -> "Containers" -> cbspeeches before proceeding to Step 4.
- In the new left-side menu, navigate to "Access Control (IAM)".
- Click the "Role Assignments" tab to view all members and their role assignments.
- To modify a user's role assignment, click "+ Add" -> "Add role assignment".
- The role to be assigned will usually be one of:
  - Storage Blob Data Reader: Allows for read access to Azure Storage blob containers and data.
  - Storage Blob Data Contributor: Allows for read, write and delete access to Azure Storage blob containers and data.
- Select the appropriate role, then click "Next".
- Next to the "Members" heading, click "+ Select members" to select the appropriate users.
- Click "Review + Assign" to finalise.
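
The role assignment in section 2 can also be scripted with the Azure CLI, which makes the chosen scope (whole storage account or a single container) and role explicit and reviewable. This is an added example, not part of the original wiki: the subscription ID, resource group and user object ID are placeholders, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of the portal role-assignment steps.
# SUBSCRIPTION_ID, RESOURCE_GROUP and the user object ID are placeholders (assumptions).
# cbspeeches1 and cbspeeches are the storage account and container named on this page.
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
RESOURCE_GROUP="${RESOURCE_GROUP:-<resource-group>}"
ACCOUNT="cbspeeches1"

# Build the ARM scope: the whole storage account, or one container when $1 is given.
storage_scope() {
  local scope="/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${RESOURCE_GROUP}/providers/Microsoft.Storage/storageAccounts/${ACCOUNT}"
  if [ -n "${1:-}" ]; then scope="${scope}/blobServices/default/containers/$1"; fi
  printf '%s\n' "$scope"
}

# Accept only the two data-plane roles this page lists; refuse anything broader.
check_role() {
  case "$1" in
    "Storage Blob Data Reader"|"Storage Blob Data Contributor") return 0 ;;
    *) echo "refusing role: $1" >&2; return 1 ;;
  esac
}

# Print the az command (default), or run it when APPLY=1.
grant_access() {  # args: <user-object-id> <role> [container]
  local oid="$1" role="$2" scope
  check_role "$role" || return 1
  scope="$(storage_scope "${3:-}")"
  if [ "${APPLY:-0}" = "1" ]; then
    az role assignment create --assignee-object-id "$oid" \
      --assignee-principal-type User --role "$role" --scope "$scope"
  else
    printf 'az role assignment create --assignee-object-id "%s" --assignee-principal-type User --role "%s" --scope "%s"\n' \
      "$oid" "$role" "$scope"
  fi
}

# Dry run: read-only access limited to the cbspeeches container.
grant_access "<user-object-id>" "Storage Blob Data Reader" "cbspeeches"
```

Running with `APPLY=1` requires an authenticated `az login` session and real values for the placeholders.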