# Storage Access Control (IAM)

## Reader

{% embed url="<https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#reader>" %}

For OSDCloud to work with Azure Storage, the Technician will need Reader access to the Storage Account.  This allows for the reading of Tags which are used by OSDCloud, and the listing of the Containers

![](https://344220114-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MVSV22dcsjKDdOxDA6n%2Fuploads%2FuwvRSXrzQTY8xjlqfyWk%2Fimage.png?alt=media\&token=12deb708-c5b4-43d4-81b6-3785b9ec8523)

## Storage Blob Data Reader

{% embed url="<https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-blob-data-reader>" %}

Additionally, the Storage Blob Data Reader must be added for the Containers in the Storage Account that contains the WIM files.  This can be added at the Storage Account level, or a specific Container

![](https://344220114-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MVSV22dcsjKDdOxDA6n%2Fuploads%2FwG5FGRyJZtnb5iIFTq5x%2Fimage.png?alt=media\&token=8675420d-f2b7-4efc-b6a9-581d38b5b0b7)

## Azure Role Assignments

Verify the proper permissions in Azure Active Directory

![](https://344220114-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MVSV22dcsjKDdOxDA6n%2Fuploads%2Fi79mI1vprEc0txvsB6TY%2Fimage.png?alt=media\&token=3ca83c9f-abf7-41f5-a22b-147c97d7a10e)

## Sponsor

{% embed url="<https://www.recastsoftware.com/?utm_source=osdeploy&utm_medium=ad&utm_campaign=web>" %}
OSDeploy is sponsored by Recast Software
{% endembed %}