< Back
New-AzureStorageAccountSASToken
Post
NAME New-AzureStorageAccountSASToken
SYNOPSIS
Creates an account-level SAS token.
SYNTAX
New-AzureStorageAccountSASToken [-Context <IStorageContext>] [-ExpiryTime <DateTime>] [-IPAddressOrRange <String>] [-Permission <String>]
[-Protocol {HttpsOnly | HttpsOrHttp}] -ResourceType {None | Service | Container | Object} -Service {None | Blob | File | Queue | Table}
[-StartTime <DateTime>] [<CommonParameters>]
DESCRIPTION
The New-AzureStorageSASToken cmdlet creates an account-level shared access signature (SAS) token for an Azure Storage account.
You can use the SAS token to delegate permissions for multiple services, or to delegate permissions for services not available with an
object-level SAS token.
PARAMETERS
-Context <IStorageContext>
Specifies the Azure storage context. You can use the New-AzureStorageContext cmdlet to get an AzureStorageContext object.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName, ByValue)
Accept wildcard characters? false
-ExpiryTime <DateTime>
Specifies the time at which the shared access signature becomes invalid.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-IPAddressOrRange <String>
Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70. The range is
inclusive.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Permission <String>
Specifies the permissions for Storage account. Permissions are valid only if they match the specified resource type. For more information
about acceptable permission values, see Constructing an Account SAShttp://go.microsoft.com/fwlink/?LinkId=799514
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Protocol <SharedAccessProtocol>
Specifies the protocol permitted for a request made with the account SAS. The acceptable values for this parameter are:
- HttpsOnly
- HttpsOrHttp
The default value is HttpsOrHttp.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-ResourceType <SharedAccessAccountResourceTypes>
Specifies the resource types that are available with the SAS token. The acceptable values for this parameter are:
- None
- Service
- Container
- Object
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Service <SharedAccessAccountServices>
Specifies the service. The acceptable values for this parameter are:
- None
- Blob
- File
- Queue
- Table
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-StartTime <DateTime>
Specifies the time, as a DateTime object, at which the SAS becomes valid. To get a DateTime object, use the Get-Date cmdlet.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
IStorageContext
Parameter 'Context' accepts value of type 'IStorageContext' from the pipeline
OUTPUTS
System.String
NOTES
Example 1: Create an account-level SAS token with full permission
PS C:\\> New-AzureStorageAccountSASToken -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission "racwdlup"
This command creates an account-level SAS token with full permission.
Example 2: Create an account-level SAS token for a range of IP addresses
PS C:\\> New-AzureStorageAccountSASToken -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission "racwdlup" -Protocol
HttpsOnly -IPAddressOrRange 168.1.5.60-168.1.5.70
This command creates an account-level SAS token for HTTPS-only requests from the specified range of IP addresses.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... ntsastoken
New-AzureStorageBlobSASToken
New-AzureStorageContainerSASToken
New-AzureStorageFileSASToken
New-AzureStorageQueueSASToken
New-AzureStorageShareSASToken
New-AzureStorageTableSASToken
SYNOPSIS
Creates an account-level SAS token.
SYNTAX
New-AzureStorageAccountSASToken [-Context <IStorageContext>] [-ExpiryTime <DateTime>] [-IPAddressOrRange <String>] [-Permission <String>]
[-Protocol {HttpsOnly | HttpsOrHttp}] -ResourceType {None | Service | Container | Object} -Service {None | Blob | File | Queue | Table}
[-StartTime <DateTime>] [<CommonParameters>]
DESCRIPTION
The New-AzureStorageSASToken cmdlet creates an account-level shared access signature (SAS) token for an Azure Storage account.
You can use the SAS token to delegate permissions for multiple services, or to delegate permissions for services not available with an
object-level SAS token.
PARAMETERS
-Context <IStorageContext>
Specifies the Azure storage context. You can use the New-AzureStorageContext cmdlet to get an AzureStorageContext object.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName, ByValue)
Accept wildcard characters? false
-ExpiryTime <DateTime>
Specifies the time at which the shared access signature becomes invalid.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-IPAddressOrRange <String>
Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70. The range is
inclusive.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Permission <String>
Specifies the permissions for Storage account. Permissions are valid only if they match the specified resource type. For more information
about acceptable permission values, see Constructing an Account SAShttp://go.microsoft.com/fwlink/?LinkId=799514
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Protocol <SharedAccessProtocol>
Specifies the protocol permitted for a request made with the account SAS. The acceptable values for this parameter are:
- HttpsOnly
- HttpsOrHttp
The default value is HttpsOrHttp.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-ResourceType <SharedAccessAccountResourceTypes>
Specifies the resource types that are available with the SAS token. The acceptable values for this parameter are:
- None
- Service
- Container
- Object
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Service <SharedAccessAccountServices>
Specifies the service. The acceptable values for this parameter are:
- None
- Blob
- File
- Queue
- Table
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-StartTime <DateTime>
Specifies the time, as a DateTime object, at which the SAS becomes valid. To get a DateTime object, use the Get-Date cmdlet.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
IStorageContext
Parameter 'Context' accepts value of type 'IStorageContext' from the pipeline
OUTPUTS
System.String
NOTES
Example 1: Create an account-level SAS token with full permission
PS C:\\> New-AzureStorageAccountSASToken -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission "racwdlup"
This command creates an account-level SAS token with full permission.
Example 2: Create an account-level SAS token for a range of IP addresses
PS C:\\> New-AzureStorageAccountSASToken -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission "racwdlup" -Protocol
HttpsOnly -IPAddressOrRange 168.1.5.60-168.1.5.70
This command creates an account-level SAS token for HTTPS-only requests from the specified range of IP addresses.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... ntsastoken
New-AzureStorageBlobSASToken
New-AzureStorageContainerSASToken
New-AzureStorageFileSASToken
New-AzureStorageQueueSASToken
New-AzureStorageShareSASToken
New-AzureStorageTableSASToken