(Admin) Granting data access permissions - adamoshen/cbspeeches GitHub Wiki

Users must first be added to the Microsoft Azure organization (the "organization" is the Microsoft Azure subscription service). Once a user has been invited (even if they have not yet accepted the invitation), their data access privileges can be modified.

1. Granting user access to Microsoft Azure organization

Login to the Microsoft Azure portal.
In the left-side menu bar, select "All services".
Find the service "Microsoft Entra ID".
In the left-side menu, navigate to "Manage" -> "Users".
In the main pane, click "+ New User" -> "Invite external user".
Fill out the information in the "Basics" tab. The email address must be a Microsoft email address, whether a personal email address or an enterprise email address (work / school, etc). Optionally, under the "Properties" tab, modify the User Type between Guest and Member. Click "Review + Invite" when done.

2. Assigning data access permissions

Return to "All services" via the left-side menu bar.
Find the service "Storage accounts".
Select the storage account (cbspeeches1). Proceed to Step 4 to grant permissions for the storage account. To only grant permissions for the specific storage container (cbspeeches), navigate to "Data storage" -> "Containers" -> cbspeeches before proceeding to Step 4.
In the new left-side menu, navigate to "Access Control (IAM)".
Click the "Role Assignments" tab to view all members and their role assignments.
To modify a user's role assignment, click "+ Add" -> "Add role assignment".
The role to be assigned will usually be one of:
- Storage Blob Data Reader: Allows for read access to Azure Storage blob containers and data.
- Storage Blob Data Contributor: Allows for read, write and delete access to Azure Storage blob containers and data.
- Select the appropriate role, then click "Next".
Next to the "Members" heading, click "+ Select members" to select the appropriate users.
Click "Review + Assign" to finalise.