search

MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International
10.3k stars 21.48k forks source link

Storage blob data reader permission is not enough to use go sdk:NewListBlobsHierarchyPager to list blobs and prefixes, but works with rest api #124855

Closed PD-Pramila closed 3 days ago

PD-Pramila commented 1 week ago

We are using go sdk to list and read azure blobs. For our use case, we need to get list of first level subfolders and blobs in a given path (or root).

For this we assigned the role "Storage blob data reader" role to our AAD app. To get first level folders and blob we are using NewListBlobsHierarchyPager. It fails with the error: "This request is not authorized to perform this operation using this permission". If we give Storage blob data contributor", it works. Which we cannot ask our customer to give this permission.

We do not want to use NewListBlobsFlatPager, as it will list all folders and files recursively. This option works with reader permissions.

We tried REST API with delimiter option, and it worked with reader permission. The api is: https://.blob.core.windows.net/?restype=container&comp=list&delimiter=/ This api is equivalent to NewListBlobsHierarchyPager.

REST API works but go code is not working for hierarchical listing.

TPavanBalaji commented 1 week ago

@PD-Pramila It would be great if you could add a link to the documentation you are following for these steps? This would help us redirect the issue to the appropriate team. Thanks!

TPavanBalaji commented 4 days ago

@PD-Pramila Thanks for sharing the feedback. Since this channel is for driving improvements towards Docs, could you please provide the URL of the specific documentation that your feedback is applicable to? That way, we can make sure your feedback is addressed by the right team.

TPavanBalaji commented 3 days ago

@PD-Pramila Thanks for your feedback and your contribution to Azure docs. Feedback for this repository is moving away from GitHub to a system specific to the Microsoft Learn platform. Issues for this repository will soon be disabled, and additional comments from GitHub will no longer be possible. However, we are now tracking and triaging this issue in the new feedback system. To learn more about our feedback systems, please see Provide feedback for Microsoft Learn content.

TPavanBalaji commented 3 days ago

@PD-Pramila We are going to close this thread, if there are any further questions regarding the documentation, please tag me in your reply and we will be happy to continue the conversation.

PD-Pramila commented 2 days ago

Thanks for checking it. It was the issue with the tags. When we include tags in file listing, it needs for owner's permission.