Generally available: Azure Storage – Attribute-based access control for standard storage accounts
Published date: 26 October, 2022
Attribute-based access control (ABAC) is an authorisation strategy that defines access levels based on attributes associated with security principals, resources and requests. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments in the existing identity and access management (IAM) system. This release makes role assignment conditions using request and resource attributes on Blobs, ADLS Gen2 and storage queues for standard storage accounts generally available.
Role-assignment conditions allow finer-grained access control for storage resources. They can also be used to simplify hundreds of role assignments for a storage resource. This release allows you to author conditions for storage DataActions, and these conditions can be used with built-in or custom roles.
Note: Azure ABAC using request and resource attributes for premium storage accounts and principal attributes for standard and premium storage accounts remains in preview.
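As an added illustration (not part of the announcement), the script below builds a role-assignment condition on the blob read DataAction using the container-name resource attribute and passes it to `az role assignment create` with the built-in Storage Blob Data Reader role. The container name, principal ID and scope are constructed placeholders, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: build an ABAC condition for a blob-read DataAction and attach
# it to a role assignment. Container, principal and scope values are constructed.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges ASCII-only in every shell

BLOB_READ='Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'
CONTAINER_ATTR='Microsoft.Storage/storageAccounts/blobServices/containers:name'

# Accept only names that satisfy the container naming rules (3-63 chars,
# lowercase letters, digits, single hyphens, no leading/trailing hyphen), so a
# quote or operator can never be spliced into the condition text.
valid_container_name() {
  case "$1" in
    ''|*[!a-z0-9-]*|-*|*-|*--*) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ]
}

# "Not the targeted action, OR the resource attribute matches": actions the
# condition does not name stay governed by the role alone.
build_condition() {
  valid_container_name "$1" || { echo "invalid container name: $1" >&2; return 1; }
  printf "((!(ActionMatches{'%s'})) OR (@Resource[%s] StringEquals '%s'))" \
    "$BLOB_READ" "$CONTAINER_ATTR" "$1"
}

# Create the conditional assignment; prints the command unless APPLY=1 is set.
assign_reader() {  # args: assignee-object-id scope container-name
  cond=$(build_condition "$3") || return 1
  set -- az role assignment create --role "Storage Blob Data Reader" \
    --assignee "$1" --scope "$2" --condition "$cond" --condition-version "2.0"
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Placeholder principal and scope; replace before setting APPLY=1.
assign_reader "<principal-object-id>" \
  "/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<account>" \
  "reports-2022"
```

Scoping the assignment at the storage account and varying only the attribute value is how one conditional assignment can stand in for many per-container assignments.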