How to grant RBAC access

What access does the individual user need?

To use this tool, users must have at least Reader or equivalent permissions for the storage accounts to view the resources. In addition, the app requires more granular access through the Storage Blob Data Owner or Storage Blob Data Contributor roles, as it interacts directly with the Azure Storage Blob API.

• Reader or equivalent — allows users to view the storage account resources and containers.
• Storage Blob Data Owner / Contributor — these roles provide the necessary access to read, write, and manage blobs (such as Delta tables) in the storage account via the Azure Storage Blob API. Without these specific permissions, users won't be able to fully use the app's editing features.

Having just the general Owner or Contributor role at the storage account level is not sufficient, because those roles do not cover the more specific blob-related permissions required for the app to function. Therefore, users need both Reader-level permissions on the storage account and Storage Blob Data Owner / Contributor roles to interact with blobs as intended.

How to grant access

This is the minimum access the user needs of the storage account. It is important that the user gets both the Reader (or better) role AND the Storage Blob Data Contributor (or Storage Blob Data Owner) role.

You can grant the user access by clicking the + Add icon in the top.

Granular ACL access

If you know your way around storage account ACL, you can grant the user even more container/folder-granular access. Test your settings when doing this — it's easy to get wrong if you're not familiar with ACL.

Read more here: Link to Microsoft documentation.