DP-900: Microsoft Azure Data Fundamentals

File Based Storage

Roles and Responsibilities

In this lesson, we'll outline the key groups involved in managing file-based storage on Azure and map them to built-in roles that enforce the principle of least privilege.

Note

Grant only the minimum permissions required—this enforces security and reduces the risk of accidental data exposure.

We typically organize access into three groups:

  • Users
    Need read or read/write access to files, blobs, or file shares for day-to-day operations.
  • Administrators
    Manage storage accounts, assign or revoke permissions, configure backups, and define data governance policies.
  • Data Engineers
    Provision and configure storage resources without direct access to the data itself.

Once responsibilities are defined, assign each group an Azure role that aligns with their tasks.

Figure: "Introduction" diagram of a central file icon connected to user icons and checklists (© KodeKloud).


User Responsibilities

Users operate in a self-service environment. They receive scoped permissions on the storage objects they need, enabling independent work without frequent administrative requests.

  • Read data from files, blobs, or containers
  • Modify or upload new data when granted write access
  • Access only the shares or containers explicitly assigned to them

Administrator Responsibilities

Administrators oversee the lifecycle and compliance of storage resources:

  • Assign and revoke RBAC permissions (Storage Blob Data Reader, Storage Blob Data Contributor)
  • Configure and manage automated backups for point-in-time restores
  • Integrate with Microsoft Purview to define retention and classification policies

Warning

Incorrect or overly broad RBAC assignments can lead to unintended data exposure. Always audit role assignments regularly.


Data Engineer Responsibilities

Data Engineers handle provisioning and configuration tasks without accessing content directly:

  • Create and configure storage accounts and file shares
  • Optimize performance tiers based on workload patterns
  • Automate deployments using Azure CLI or Terraform
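
The role split above can be checked mechanically. The following is an added example, not part of the original lesson: it audits role assignments in the JSON shape printed by `az role assignment list --all -o json`, covering Blob Storage only. The group names, subscription ID, resource names and the sample data are constructed for illustration.

```python
import json

# Constructed sample in the shape of `az role assignment list --all -o json`.
# Subscription ID, resource names and group names are made up for this example.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ACCT = SUB + "/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/stdemo"
SAMPLE = json.dumps([
    {"principalName": "grp-storage-users", "roleDefinitionName": "Storage Blob Data Reader",
     "scope": ACCT + "/blobServices/default/containers/reports"},
    {"principalName": "grp-storage-users", "roleDefinitionName": "Storage Blob Data Contributor",
     "scope": SUB},
    {"principalName": "grp-data-engineers", "roleDefinitionName": "Storage Account Contributor",
     "scope": SUB + "/resourceGroups/rg-data"},
    {"principalName": "grp-data-engineers", "roleDefinitionName": "Storage Blob Data Owner",
     "scope": ACCT},
])

# Assumed mapping of the lesson's three groups to directory groups (hypothetical names).
GROUP_KIND = {"grp-storage-users": "user", "grp-storage-admins": "admin",
              "grp-data-engineers": "engineer"}
CONTAINER_MARKER = "/blobservices/default/containers/"


def is_data_role(role):
    # Built-in data-plane storage roles are named "Storage <service> Data ...".
    return role.startswith("Storage ") and " Data " in role


def audit(assignments_json):
    """Return (principal, role, reason) for assignments that break the role split."""
    findings = []
    for a in json.loads(assignments_json):
        kind = GROUP_KIND.get(a["principalName"])
        role, scope = a["roleDefinitionName"], a["scope"]
        if not is_data_role(role):
            continue  # management-plane roles are out of scope for this check
        if kind == "engineer":
            findings.append((a["principalName"], role, "data-plane role held by provisioning group"))
        elif kind == "user" and CONTAINER_MARKER not in scope.lower():
            findings.append((a["principalName"], role, "data role not scoped to a container"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Storage Account Contributor is not flagged by this check, but it can list the account access keys, which give data access outside RBAC, so review who holds it separately.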

Figure: the three data roles (Users, Administrators, Data Engineers) and their responsibilities.


We’ve explored unstructured data storage on Azure and the roles needed to manage it securely.

  • File and object storage support binary files and common text formats (CSV, JSON, XML).
  • Azure storage accounts host both Azure Files and Azure Blob Storage.
  • Premium accounts use SSDs for low-latency I/O.
  • File shares utilize the SMB protocol for broad OS compatibility.

Storage Account Tiers Comparison

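| Tier    | Storage Cost               | Access Cost       | Use Case                                  |
|---------|----------------------------|-------------------|-------------------------------------------|
| Hot     | Higher                     | Lower             | Frequently accessed data                  |
| Cool    | Lower                      | Higher            | Infrequently accessed, but not archival   |
| Archive | Lowest (hours to retrieve) | Highest (latency) | Long-term retention with rare retrieval   |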

Figure: summary of file-based storage tiers: hot (cheaper transfers, more expensive storage), cool (more expensive transfers, cheaper storage), and archive (cheap storage with high latency).

