In the previous post I described Azure Table Service SAS and showed a couple basic examples. In this post I am going to cover Azure Table Service Stored Access Policy.


Refer to previous posts to get started with Azure Storage Table Service.

Test Data

Use test data from the previous post Part 18: Azure Table + .NET - SAS


I already covered Stored Access Policies in one of previous posts, so to fully understand Stored Access Policies start with Part 9: Azure Queue + .NET - Stored Access Policy. In this post I will cover only features specific to Azure Table Service.

Stored Access Policies for Azure Table Service work almost in the same way as Stored Access Policies for Azure Queue Service. I already described the major difference between SAS for Azure Queue Service and Azure Table Service, so we can modify the example from the previous post. Consider a new example:

var tablePermissions = table.GetPermissions();
tablePermissions.SharedAccessPolicies.Add("sas-test-policy", new SharedAccessTablePolicy
    SharedAccessExpiryTime = DateTimeOffset.Now.AddMinutes(30),
    Permissions = SharedAccessTablePermissions.Query


var sasToken = table.GetSharedAccessSignature(new SharedAccessTablePolicy(),
    "sas-test-policy", // Policy name
    "AU", // Start PartitionKey
    "EMP001", // Start RowKey
    "NZ", // End PartitionKey
    "EMP010"); // End RowKey 

var sasTable = new CloudTable(table.Uri, new StorageCredentials(sasToken));
var availiableRecords = sasTable.CreateQuery<Profile>().ToList().Count;

var tablePermissions2 = table.GetPermissions();

availiableRecords = sasTable.CreateQuery<Profile>().ToList().Count;

This code prints 210 - the number of accessible records and then throws exception:

The remote server returned an error: (403) Forbidden.

This is expected behaviour, because we remove Stored Access Policy after the first call to Azure Table Service.


In this post I showed how to use Stored Access Policies with Shared Access Tokens for specific Partition/Row range. In the next post I am going to switch to Azure Blob Storage.