SAS keys allow you to give time-limited access to files or folders in File Storage for use in external systems like Azure Storage Explorer. This guide walks you through how to generate SAS keys, set their access level and expiration, and how to revoke them when no longer needed.
Who can generate SAS keys?
Only workspace admins can generate SAS keys.
Users with read-only access cannot create them. To generate a SAS key, you must either own the file or folder or have been given read and write access.
Generate a SAS key for a file or folder
Go to File Storage in the Data Catalogue.
Select the three-dot menu next to the file or folder you want to share.
Choose Generate keys.
In the popup, select the access level:
a. Read β allows view and download only.
b. Read and write β allows upload, delete, and SAS key generation.
Set the expiration date under Set access end.
Click Generate key, then Copy key to paste it into your external tool.
Best practices for using SAS keys
Use SAS keys only when necessary. Prefer using the Veracity API, which provides more secure and manageable access.
Always choose the least access level needed. For example, use read access for simple downloads.
Always set an expiration date to automatically limit how long the key is valid.
Generate a SAS key for the entire workspace
If you want to provide access to your entire workspace:
In File Storage, select the three dot menu in the top-right corner.
Choose Generate workspace key.
Set the access level and expiration date.
Copy and use the key as needed in external systems.
Revoke all SAS keys
To remove all active SAS keys from your workspace:
Select the three dot menu in the top-right corner of File Storage.
Choose Revoke all keys.
In the confirmation window, select the types of keys to revoke and click Revoke.
This action immediately disables all selected keys.
Revoke access for individual users
To revoke access to a specific file or folder:
In File Storage, check the Shared with column.
Click the name of the person to see their permissions.
Click the X symbol next to their name to revoke access.
This helps you manage sharing on a case-by-case basis.