Stored Access Policies and Shared Access Signatures

Stored Access Policies and Shared Access Signatures

Q. Why would I use a Stored Access Policy with Shared Access Signatures?

A. A Shared Access Signature provides a way to grant access to Azure storage resources at a granular, controlled level without having to share the storage account key. An Ad-hoc SAS enables all the attributes to be defined at time of creation, for example the expiry time and the rights. A Stored Access Policy enables policies to be created at a container/table level which have the various attributes of access defined which are then used by SAS. The big benefit is not only not having to define the attributes of the access for each creation but it helps in revoking the SAS.

Ordinarily with a SAS to revoke its access you have to wait for the expiry time to occur or change the storage account key that was used to create the SAS. When a SAS is created that uses a Stored Access Policy then it can also be revoked by changing the expiry time on the policy (to sometime in the past) or simply deleting the policy.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.