Our blob storage account structure:
container name: simple
inside this container we have blobs:
aa/one.zip
aa/two.zip
bb/ss.zip
bb/dd.zip
Is it possible to generate SAS with write permission for aa “directory”, but no access for bb “directory”?
With Amazon AWS we can easily create restrictions based on object/blob prefix name, but I can't find similar functionality in azure storage sdk for java.
As of today, it is not possible to do so at the folder level because as such there's no folder in Azure Blob Storage.
You can either create a SAS at a container level or at the blob level. If you want your users to only upload files with certain names, you can very well create a SAS with write permission on the blob name. Blob need not be present when you're creating a SAS.
Thus when your users upload a file using this SAS, it will be saved as a blob that you have chosen to name. So what you will do is create a SAS for a blob named bb/ss.zip and give it to a user. When the user uploads the file, it will be saved as bb/ss.zip in your blob container.