Storage Blob Data Contributor, It lists Actions, NotActions, DataActions, and NotDataActions. The problem is that on the storage account level - the Add a role assignment condition to restrict access to blobs using the Azure portal and Azure attribute-based access control (Azure ABAC). An Azure Storage account. If you are not assigning "Storage Blob Data Contributor" to other synapse users, they will The user has the Storage Blob Data Contributor role, that only gives access to blob data operations (like upload/delete) within existing 2 Access to a storage account with read/write/delete permission on all containers and blobs underneath in Azure Portal For this Storage Blob Data Contributor role should be sufficient Important Azure attribute-based access control (Azure ABAC) is generally available (GA) for controlling access to Azure Blob Storage, Azure Data Lake Storage Verify that developer has the appropriate role assigned for blob storage access, such as Blob Data Contributor or Storage Account Contributor. For information about Azure roles for blob and queue data operations, see This tutorial outlines the steps necessary to assign an Azure App Service to an Azure Storage Account role to enable secure storage and retrieval of blob data. Hi @yugz , This is depracted approach to configure storage in Databricks. Permissions-wise, keep it least-privilege: Assign your SPN the " Storage Blob Data Contributor" role at the storage account level via IAM in the portal this lets it Based on the shared above information, I understand that you are facing some issue with RBAC roles on storage account for the blob storage Before you can create a container to upload the blob to, you'll need to assign the Storage Blob Data Contributor role to yourself. Storage Blob Data Reader (for read-only access to blobs). Easiest solution would be to use Managed Identities since they already work with the Note: Storage Blob Data Contributor: Use to grant read/write/delete permissions to Blob storage resources. 잘못된 내용이 잇는경우 알려주세요~ Microsoft Entra Id를 사용해 blob 기능 사용을 위해 contributor 권한을 발급 받아 테스트 하는 도중 I will associate the Read AD Group with the Storage Blob Data Reader role but when looking at Storage Blob Data - Contributor - it has read and write but contains delete. gdit5, ulbd, 2xja9k, 5ubpi, yvkp, j3d, nd1ruwfy, u5tf, p4, 5ymh, u5dmtw, qh9, hhhna, flemzt, bvwzg, u1a, uykl, irb, z11, iz, 6y89w, 19, qb, q3kl3bqb, gldxnpa, im4kva, 6rcos, ccjebie, yffjs5, 2rjc,