Azure – What is a Shared Access Signature?

Using a Shared Access Signature (SAS) is usually the best way to control access rights to Azure storage resources (like a container for backups) without exposing the primary / secondary storage keys. It is based on a URI and this is what I want to look at today.

I always use the Azure Storage Explorer to build a SAS token. Let’s dig into what the different parts mean.


  • In red is the start time (ST) and expiry time (SE) for the access.
  • In blue SP = permissions assigned, for this example being read, write, delete and list.
  • In green, SV is the storage version in use.
  • Dark blue is SR which is the service resource accessed, c = container.
  • Orange is SIG, used to authenticate to the resource.

All combined gives the unique URI.


3 thoughts on “Azure – What is a Shared Access Signature?

  1. Pingback: Dew Drop – September 10, 2019 (#3027) | Morning Dew

  2. Pingback: Shared Access Signatures – Curated SQL

  3. Pingback: Restoring to Azure SQL Managed Instance – Part 2 | All About Data

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s