Question: RBAC and SAS implementation guide?

[yxiang92128]

A general implementation question from a Storage C++ SDK developer please.

If I have a C++ based application, how do I integrate RBAC access policy with the SAS signature? Is there a guide for doing that? I wonder if Azure Storage CPP SDK even supports the concepts of the Role Based Access Control policy at all?

Thanks for the quick clarification. I am trying to move forward with my current design.

Yang

[katmsft]

Hi Yang,

Thanks for using CPP SDK.
If you are referring to OAuth feature for RBAC, it is not supported yet in the SDK since the service side is not yet ready. Or if you mean you want your client to use RBAC to access the service you provide but using C++ SDK and Azure on your server side, we currently do not offer such convenience level feature.

[yxiang92128]

@katmsft
Hi Kan,
I am referring to client side only.
I have a follow up question, does storage cpp SDK support the concept of the MSI VM extension ?
It is described in the following microsoft link:
https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview

I would like to know from a C++ SDK based application other than SAS, are there any other ways to support shared access from multiple tenants and/or applications?

thanks for pointing us to the right direction.

Yang

[katmsft]

Edit:
My last reply was not entirely correct.

In the link you provided there are some links that points to the instructions of how to use MSI for Azure Storage services. You can use it to get Azure Storage access key, that can be used in CPP SDK to access azure storage resources.

[katmsft]

FYI, release 7.0.0 has supported OAuth authentication for Azure Storage, please look at below pages for more information:
https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-msi
https://github.com/Azure/azure-storage-cpp/tree/master/Microsoft.WindowsAzure.Storage/samples/OAuthGettingStarted