LogoLogo
  • Overview
  • publisher
    • Introduction
    • Getting Started
      • Logging in to Publisher
    • Data Sources
      • Connecting a Data Source
      • Managing a Data Source
      • Connectors
        • AWS S3 Permissions
        • Connecting to AWS S3 Storage
        • Google Cloud Storage (GCS) Permissions
        • Connecting to Google Cloud Storage
        • PostgreSQL Permissions
        • Connecting to PostgreSQL
        • PostgreSQL on Azure Permissions
        • Microsoft Azure Blob Storage Permissions
        • Connecting to Microsoft Azure Blob Storage
        • Connecting to HTTPS
        • Connecting to other sources via Trino
          • BigQuery
    • Collections
      • Creating a Collection
      • Sharing a Collection
      • Collection Filters
      • Editing Collection Metadata
      • Updating Collection Contents
    • Access Policies
      • Creating an Access Policy
      • Managing Access Policies
    • Questions
      • Adding Questions
      • Example Question
    • Settings
      • Viewing Current and Past Administrators
      • Adding an Administrator
      • Removing an Administrator
      • Setting Notification Preferences
  • Explorer
    • Introduction
    • Viewing a Collection
    • Browsing Collections
    • Asking Questions
    • Accessing a Private Collection
      • Requesting Access to a Private Collection
    • Filtering Data in Tables
      • Strings
      • Dates
      • Numbers
  • Workbench
    • Introduction
    • Getting Started
      • Logging into Workbench
      • Connecting an Engine
      • Finding or Importing a Workflow
      • Configuring Workflow Inputs
      • Running and Monitoring a Workflow
      • Locating Outputs
    • Engines
      • Adding and Updating an Engine
        • On AWS HealthOmics
        • On Microsoft Azure
        • On Google Cloud Platform
        • On Premises
      • Parameters
        • AWS HealthOmics
        • Google Cloud Platform
        • Microsoft Azure
        • On-Premises
        • Cromwell
        • Amazon Genomics CLI
    • Workflows
      • Finding Workflows
      • Adding a Workflow
      • Supported Languages
      • Repositories
        • Dockstore
    • Instruments
      • Getting Started with Instruments
      • Connecting a Storage Account
      • Using Sample Data in a Workflow
      • Running Workflows Using Samples
      • Family Based Analysis with Pedigree Information
      • Monitor the Workflow
      • CLI Reference
        • Instruments
        • Storage
        • Samples
        • OpenAPI Specification
    • Entities
    • Terminology
  • Passport
    • Introduction
    • Registering an Email Address for a Google Identity
  • Command Line Interface
    • Installation
    • Usage Examples
    • Working with JSON Data
    • Reference
      • workbench
        • runs submit
        • runs list
        • runs describe
        • runs cancel
        • runs delete
        • runs logs
        • runs tasks list
        • runs events list
        • engines list
        • engines describe
        • engines parameters list
        • engines parameters describe
        • engines health-checks list
        • workflows create
        • workflows list
        • workflows describe
        • workflows update
        • workflows delete
        • workflows versions create
        • workflows versions list
        • workflows versions describe
        • workflows versions files
        • workflows versions update
        • workflows versions delete
        • workflows versions defaults create
        • workflows versions defaults list
        • workflows versions defaults describe
        • workflows versions defaults update
        • workflows versions defaults delete
        • namespaces get-default
        • storage add
        • storage delete
        • storage describe
        • storage list
        • storage update
        • storage platforms add
        • storage platforms delete
        • storage platforms describe
        • storage platforms list
        • samples list
        • samples describe
        • samples files list
      • publisher
        • datasources list
  • Analysis
    • Python Library
    • Popular Environments
      • Cromwell
      • CWL Tool
      • Terra
      • Nextflow
      • DNAnexus
Powered by GitBook

© DNAstack. All rights reserved.

On this page
  • Concepts
  • Minimal Configuration
  • Getting Credentials to Storage Account

Was this helpful?

  1. publisher
  2. Data Sources
  3. Connectors

Microsoft Azure Blob Storage Permissions

PreviousPostgreSQL on Azure PermissionsNextConnecting to Microsoft Azure Blob Storage

Last updated 3 months ago

Was this helpful?

Configuring Azure Blob Storage permissions establishes secure access between and your Azure storage resources. These permissions define how Publisher can interact with your storage accounts using service principals and role assignments, ensuring controlled access to your data.

This guide covers the core concepts and minimal configuration needed to connect Publisher to Azure Blob Storage, including credential creation and access management.

Concepts

  1. Service Principal (SP): This is an identity created for use with applications, hosted services, and automated tools to access Azure resources. Each SP has a unique ID and can be assigned roles to grant permissions.

  2. Storage Account: This container houses a set of Azure Storage services, including Blob Storage. It provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS.

  3. Permission: These are granular actions that a user or service principal can perform on a given resource. Examples include read, write, delete, and list operations on blobs.

  4. Role: A collection of permissions typically needed for specific interactions against one or more resources. Examples include "Storage Blob Data Reader", "Storage Blob Data Contributor", and "Storage Blob Data Owner".

  5. Resource Group: A container that holds related resources for an Azure solution. The resource group can include all the resources for the solution or only those you want to manage as a group.

  6. Subscription: An Azure subscription is a logical container used for provisioning resources in Azure. It holds the details of all your resources, such as virtual machines (VMs), databases, and more.

Minimal Configuration

To perform these operations, you must log in to your as an administrator.

This setup represents the minimal permissions needed to connect Publisher to an Azure Blob Storage bucket.

Getting Credentials to Storage Account

Create a new Service Principal in any Resource Group

az storage account keys list \
  --resource-group ${RESOURCE_GROUP} \
  --account-name ${STORAGE_ACCOUNT} \
  --query "[].{Key:keyName, Value:value}" \ 
  --output table
Publisher
Azure Storage account