# Microsoft Azure Blob Storage Permissions

Configuring Azure Blob Storage permissions establishes secure access between Publisher and your Azure storage resources. These permissions define how Publisher can interact with your storage accounts using service principals and role assignments, ensuring controlled access to your data.

This guide covers the core concepts and minimal configuration needed to connect Publisher to Azure Blob Storage, including credential creation and access management.

## Concepts

1. **Service Principal (SP)**: This is an identity created for use with applications, hosted services, and automated tools to access Azure resources. Each SP has a unique ID and can be assigned roles to grant permissions.
2. **Storage Account**: This container houses a set of Azure Storage services, including Blob Storage. It provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS.
3. **Permission**: These are granular actions that a user or service principal can perform on a given resource. Examples include read, write, delete, and list operations on blobs.
4. **Role**: A collection of permissions typically needed for specific interactions against one or more resources. Examples include "Storage Blob Data Reader", "Storage Blob Data Contributor", and "Storage Blob Data Owner".
5. **Resource Group**: A container that holds related resources for an Azure solution. The resource group can include all the resources for the solution or only those you want to manage as a group.
6. **Subscription**: An Azure subscription is a logical container used for provisioning resources in Azure. It holds the details of all your resources, such as virtual machines (VMs), databases, and more.

## Minimal Configuration

{% hint style="info" %}
To perform these operations, you must log in to your [Azure Storage account](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) as an administrator.

This setup represents the minimal permissions needed to connect Publisher to an Azure Blob Storage bucket.
{% endhint %}

### Getting Credentials to Storage Account

List the access keys for the storage account:

```bash
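# RESOURCE_GROUP and STORAGE_ACCOUNT must be set to your resource group and storage account names.
az storage account keys list \
  --resource-group "${RESOURCE_GROUP}" \
  --account-name "${STORAGE_ACCOUNT}" \
  --query "[].{Key:keyName, Value:value}" \
  --output table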
```
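
The keys returned above grant full access to the storage account, whereas the Concepts section describes access through a service principal holding a role. As an added example (not part of the Publisher documentation), the script below creates a service principal whose role assignment is scoped to a single storage account. It assumes the Azure CLI is installed and logged in and that the built-in "Storage Blob Data Reader" role is sufficient for your use; the function names and the script name are illustrative.

```bash
#!/usr/bin/env bash
# Added example, not part of the Publisher documentation.
set -eu

ROLE="Storage Blob Data Reader"   # assumption: read-only access is enough

# Storage account names are 3-24 characters, lowercase letters and digits only.
valid_storage_account_name() {
  case "$1" in
    ""|*[!a-z0-9]*) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# Build the ARM resource ID that limits the role assignment to one account.
storage_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s' \
    "$1" "$2" "$3"
}

# Create the service principal and assign ROLE at the storage-account scope.
# The JSON output contains the client secret; store it in a secret manager.
create_scoped_sp() {
  sp_name="$1"; resource_group="$2"; storage_account="$3"
  if ! valid_storage_account_name "$storage_account"; then
    echo "invalid storage account name: $storage_account" >&2
    return 2
  fi
  subscription_id="$(az account show --query id --output tsv)"
  scope="$(storage_scope "$subscription_id" "$resource_group" "$storage_account")"
  az ad sp create-for-rbac --name "$sp_name" --role "$ROLE" --scopes "$scope"
}

# Usage: ./create-sp.sh <sp-name> <resource-group> <storage-account>
if [ "$#" -eq 3 ]; then
  create_scoped_sp "$@"
fi
```

Scoping the assignment to the storage account's resource ID keeps the service principal from reading blobs in other accounts in the same resource group or subscription.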

