Deny assignment for data plane actions

Assaf L 317 Reputation points

Can deny assignments be defined to block data plane actions (prevent deletion of blobs inside a storage account for example)?

I know that Blueprints or Azure policy can provide some level of denial to delete actions it doesn't look like it covers data plane actions

  1. Monalla-MSFT 13,166 Reputation points Moderator

    @AssafL Just checking in to see if the below answer helped. If this answers your query, do click "Accept as Answer" and click "Yes" for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Sign in to comment

1 answer

  1. Stanislav Zhelyazkov 29,586 Reputation points MVP Volunteer Moderator

    Hi,

    DenyAssignments is old concept that as we can see is replaced by denyAction. Unfortunately none of them support deny deletion of blob. May be you can check Azure ABAC for giving the correct access depending on attributes and preventing giving delete permissions on blobs that you do not want to.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments
    Sign in to comment
Sign in to answer

Your answer