Share via

How to retrieve Storage Account ACLs using RestAPI

Koduri, Satya (Contractor) 26 Reputation points
2025-02-24T22:08:00.9033333+00:00

I am attempting to read Access Control Lists (ACLs) assigned to a Storage account container using a service principal that has 'Storage Blob Data Contributor' access on the Storage account and Data plane's Path - Get Properties REST API. However, I encounter the error "405-UnsupportedHttpVerb: The resource doesn't support the specified HTTP Verb." Despite this, I am able to successfully retrieve the 'List' API without any issues. Do we need any different role to be able to read 'GetProperties' api? Please advise.

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,101 questions
Accepted answer
  1. Keshavulu Dasari 3,790 Reputation points Microsoft Vendor
    2025-02-24T23:14:59.82+00:00

    Hi Koduri, Satya (Contractor) ,

    I understand the issue with the HTTP verb used for the GetProperties API. The 405-UnsupportedHttpVerb error indicates that the HTTP method you're using is not supported for the resource you're trying to access.

    For the Path - Get Properties API, you should use the HEAD method instead of GET

    This API returns all system and user-defined properties for a path, including the access control list (ACL) if theactionparameter is set togetAccessControl

    Regarding the roles, the Storage Blob Data Contributor role should be sufficient for reading properties and ACLs

    The service principal has the necessary permissions at the correct scope (e.g., container or storage account level).

    Ensure you're using the HEAD method for the GetProperties API. And Set the action parameter to getAccessControl to retrieve the ACL. And verify that the service principal has the Storage Blob Data Contributor role assigned at the appropriate scope.

    For more information:
    https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
    https://learn.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.           

    User's image

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Leandro Ezequiel Molinari 176 Reputation points
    2025-02-25T12:48:17.6366667+00:00

    Hi Koduri, good day!

    You can get ACLs list at the container level. Below I'm sharing the document with the details to run a call by REST API.

    https://learn.microsoft.com/en-us/rest/api/storageservices/get-container-acl?tabs=microsoft-entra-id

    I Hope this information is useful.

    Have a great day.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.