In this blog post, we’ll walk you through assigning an Azure RBAC (IAM) role on a storage account using the Azure Command-Line Interface (CLI). Granting access through a role assignment lets you manage who can reach your storage data by identity, instead of handing out the account keys or shared access signatures.
To get started, identify the storage account you want to work with, and note its name and resource group.
Next, obtain the object ID of the Azure AD user or group you want to grant access to. For a user, you can do this by running:
az ad user show --id <User UPN> --query id --output tsv
Replace <User UPN> with the User Principal Name (UPN) or object ID of the user. For a group, the same lookup is done with the az ad group show command, passing the group's display name or object ID. Note the object ID (a GUID) in the output; this is what the role assignment is bound to.
Assign the IAM role to the storage account
Now that we have the necessary information, let’s assign the desired role to the storage account. The following command assigns the built-in “Storage Blob Data Contributor” role, which grants read, write and delete access to blob data in the account (it does not grant access to the account keys or the account configuration; those are controlled by management-plane roles such as Owner or Contributor, which in turn do not grant data access). The assignment is scoped to this one storage account, so it does not apply to other resources in the resource group:
az role assignment create --assignee-object-id <USER_OBJECT_ID> --role "Storage Blob Data Contributor" --scope "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP_NAME>/providers/Microsoft.Storage/storageAccounts/<STORAGE_ACCOUNT_NAME>"
Replace the following placeholders with the appropriate values:
<USER_OBJECT_ID>: The object ID of the AD user or group you looked up in the previous step.
<SUBSCRIPTION_ID>: Your Azure subscription ID.
<RESOURCE_GROUP_NAME>: The resource group name of the storage account you identified at the start.
<STORAGE_ACCOUNT_NAME>: The name of the storage account from Step
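The whole procedure, wrapped into a small script, as an added example that is not part of the original post. It builds the storage-account scope, resolves a user UPN or a group name to an object ID (rejecting anything that is not a GUID before it reaches az), creates the assignment with --assignee-principal-type so az does not need a second directory lookup, and then lists the assignments at that scope to confirm the change. The subscription ID, resource group, account, container and principal values are constructed placeholders; the container_scope helper is included to show the tighter, single-container scope you would use when the principal only needs one container. The script only talks to Azure when RUN_ASSIGNMENT=1 is set, so the helpers can be sourced and checked offline.

```shell
#!/usr/bin/env bash
# Added example: assign an Azure RBAC role on a storage account with the Azure CLI.
# Hypothetical wrapper script, not from the original post. Assumes `az` is
# installed and you are logged in (az login) with permission to create role
# assignments at the target scope (Owner or User Access Administrator).
set -eu

# Build the ARM resource ID of the storage account; this is the --scope value.
storage_scope() {
  # $1 subscription ID, $2 resource group, $3 storage account name
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s' "$1" "$2" "$3"
}

# Narrower scope: one blob container inside the account (least privilege).
container_scope() {
  # $1 subscription ID, $2 resource group, $3 storage account, $4 container
  printf '%s/blobServices/default/containers/%s' "$(storage_scope "$1" "$2" "$3")" "$4"
}

# Object IDs are GUIDs; refuse anything else before it is passed to az.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Resolve a user UPN or a group display name to its object ID.
# $1 is "User" or "Group"; $2 is the UPN (user) or display name (group).
resolve_object_id() {
  case "$1" in
    User)  az ad user show --id "$2" --query id --output tsv ;;
    Group) az ad group show --group "$2" --query id --output tsv ;;
    *)     echo "unsupported principal type: $1" >&2; return 1 ;;
  esac
}

# Create the assignment. Passing the principal type avoids an extra Graph
# lookup and works even when the caller cannot read the directory.
assign_role() {
  # $1 object ID, $2 principal type, $3 role name, $4 scope
  is_guid "$1" || { echo "not an object ID: $1" >&2; return 1; }
  az role assignment create \
    --assignee-object-id "$1" \
    --assignee-principal-type "$2" \
    --role "$3" \
    --scope "$4" \
    --output none
}

# List what the principal holds at the scope, to confirm the assignment landed.
verify_assignment() {
  # $1 object ID, $2 scope
  az role assignment list --assignee "$1" --scope "$2" \
    --query '[].{role:roleDefinitionName, scope:scope}' --output table
}

main() {
  # Constructed placeholder values; override them through the environment.
  SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
  RESOURCE_GROUP="${RESOURCE_GROUP:-rg-example}"
  STORAGE_ACCOUNT="${STORAGE_ACCOUNT:-stexample}"
  PRINCIPAL_TYPE="${PRINCIPAL_TYPE:-User}"          # User or Group
  PRINCIPAL="${PRINCIPAL:-alice@contoso.example}"    # UPN or group display name
  ROLE="${ROLE:-Storage Blob Data Contributor}"

  scope="$(storage_scope "$SUBSCRIPTION_ID" "$RESOURCE_GROUP" "$STORAGE_ACCOUNT")"
  object_id="$(resolve_object_id "$PRINCIPAL_TYPE" "$PRINCIPAL")"
  assign_role "$object_id" "$PRINCIPAL_TYPE" "$ROLE" "$scope"
  verify_assignment "$object_id" "$scope"
}

# Only contact Azure when explicitly asked, so the helpers can be sourced offline.
if [ "${RUN_ASSIGNMENT:-0}" = "1" ]; then
  main
fi
```

Run it as RUN_ASSIGNMENT=1 PRINCIPAL=alice@contoso.example ./assign-storage-role.sh (any file name you like). The final az role assignment list call is the check worth keeping: a freshly created assignment can take a few minutes to propagate, so if a first data-plane request is still refused, re-run the listing before assuming the assignment failed. If the principal only needs one container, pass the output of container_scope instead of storage_scope as the scope.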