Skip to main content

Directory scoped shared access signatures (SAS) generally available

Published date: March 18, 2021

Directory scoped SAS provides constrained access to a single directory when using ADLS Gen2.  This can be used to provide access to a directory and the files it contains.

Previously a SAS could be used to provide access to a filesystem or a file but not a directory.  This added flexibility allows more granular and easier access privilege assignment.

To use directory scoped SAS previous Blob REST versions are supported but the authentication version must be 2020-02-10 or higher. ADLS Gen2 filesystem SDK’s also support directory scoped SAS and you can also generate a directory-scoped SAS via the Azure portal by selecting a directory and the action “Generate SAS”.

Read the SAS overview.

Learn how to use user delegation SAS with directory scope or a service SAS.

  • Azure Blob Storage
  • Azure Data Lake Storage
  • Storage Accounts
  • Features
  • SDK and Tools
  • Services
  • Security

Related Products