Generally available: Azure Storage — Attribute-based access control for standard storage accounts

Published date: 26 October, 2022

Attribute-based access control (ABAC) is an authorization strategy that defines access levels based on attributes associated with security principals, resources, and requests. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments in the existing identity and access management (IAM) system. This release makes generally available role assignment conditions using request and resource attributes on Blobs, ADLS Gen2 and storage queues for standard storage accounts.

Role assignment conditions enable finer-grained access control for storage resources. They can also be used to simplify hundreds of role assignments for a storage resource. This release enables you to author conditions for storage DataActions, and these conditions can be used with built-in or custom roles.

Note: Azure ABAC remains in preview for request and resource attributes on premium storage accounts, and for principal attributes on standard and premium storage accounts.


