How to Assign an IAM Role to a Storage Account on Azure using Azure CLI

In this blog post, we’ll walk you through the process of assigning an IAM role to a storage account using the Azure Command-Line Interface (CLI). This will enable you to securely and efficiently manage access to your storage accounts.

To get started, identify the storage account you want to work with, and note its name and resource group.

Next, obtain the object ID of the AD user or group you want to grant access. You can do this by running:

az ad user show --id <User UPN> --query id --output tsv

Replace <User UPN> with the User Principal Name (UPN) or object ID of the AD user or group. Note the object ID in the output.

Assign the IAM role to the storage account

Now that we have the necessary information, let’s assign the desired IAM role to the storage account. The following command assigns the “Storage Blob Data Contributor” role:

az role assignment create --assignee-object-id <USER_OBJECT_ID> --role "Storage Blob Data Contributor" --scope "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP_NAME>/providers/Microsoft.Storage/storageAccounts/<STORAGE_ACCOUNT_NAME>"

Replace the following placeholders with the appropriate values:

  • <USER_OBJECT_ID>: The object ID of the AD user or group from Step 2.
  • <SUBSCRIPTION_ID>: Your Azure subscription ID.
  • <RESOURCE_GROUP_NAME>: The resource group name of the storage account from Step 2.
  • <STORAGE_ACCOUNT_NAME>: The name of the storage account from Step
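
The steps above as one script, added here as an example and not part of the original post: it validates each value before building the scope, so an unfilled placeholder or a stray "/" cannot change which resource the role lands on, then lists the assignment back to confirm it. The function names are hypothetical; `--assignee-principal-type` and `az role assignment list` are Azure CLI options the post does not use.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# True when the single-line value $1 matches the extended regex $2.
matches() {
  case "$1" in *"
"*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq "$2"
}

is_guid() { matches "$1" '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'; }

# Build the storage-account scope, rejecting unfilled placeholders and any
# value (such as one containing "/") that would change which resource the path names.
build_scope() {  # args: subscription_id resource_group storage_account
  is_guid "$1" || { echo "bad subscription ID: $1" >&2; return 1; }
  # Conservative ASCII check: letters, digits, . _ ( ) -, not ending in "."
  matches "$2" '^[A-Za-z0-9._()-]{0,89}[A-Za-z0-9_()-]$' ||
    { echo "bad resource group name: $2" >&2; return 1; }
  # Storage account names: 3-24 lowercase letters and digits
  matches "$3" '^[a-z0-9]{3,24}$' ||
    { echo "bad storage account name: $3" >&2; return 1; }
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s\n' "$1" "$2" "$3"
}

# Create the assignment at storage-account scope, then list it back.
assign_blob_contributor() {  # args: object_id principal_type sub_id rg account
  is_guid "$1" || { echo "bad object ID: $1" >&2; return 1; }
  case "$2" in
    User|Group|ServicePrincipal) ;;
    *) echo "principal type must be User, Group or ServicePrincipal" >&2; return 1 ;;
  esac
  abc_scope=$(build_scope "$3" "$4" "$5") || return 1
  az role assignment create \
    --assignee-object-id "$1" \
    --assignee-principal-type "$2" \
    --role "Storage Blob Data Contributor" \
    --scope "$abc_scope" || return 1
  az role assignment list --assignee "$1" --scope "$abc_scope" \
    --query "[].{role:roleDefinitionName, scope:scope}" --output table
}

# Usage: sh assign-role.sh <object-id> <User|Group|ServicePrincipal> <sub-id> <rg> <account>
if [ "$#" -eq 5 ]; then
  assign_blob_contributor "$@"
fi
```

For a group, the object ID comes from `az ad group show --group <group name> --query id --output tsv` rather than `az ad user show`, and the current subscription ID from `az account show --query id --output tsv`.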
