diff --git a/sdk/storage/Azure.Storage.DataMovement.Blobs/README.md b/sdk/storage/Azure.Storage.DataMovement.Blobs/README.md index d46db36ee2f36..19adc6f5a2843 100644 --- a/sdk/storage/Azure.Storage.DataMovement.Blobs/README.md +++ b/sdk/storage/Azure.Storage.DataMovement.Blobs/README.md @@ -45,6 +45,17 @@ az storage account create --name MyStorageAccount --resource-group MyResourceGro ### Authenticate the client The Azure.Storage.DataMovement.Blobs library uses clients from the Azure.Storage.Blobs package to communicate with the Azure Blob Storage service. For more information see the Azure.Storage.Blobs [authentication documentation](/~https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/storage/Azure.Storage.Blobs#authenticate-the-client). +### Permissions + +The authenticated blob storage resource needs the following permissions to perform a transfer: + +1. Read +2. List (for container transfers) +3. Write +4. Add (specific to append blobs) +5. Delete (for cleanup of a failed transfer item) +6. Create + ## Key concepts The Azure Storage Common client library contains shared infrastructure like diff --git a/sdk/storage/Azure.Storage.DataMovement.Files.Shares/README.md b/sdk/storage/Azure.Storage.DataMovement.Files.Shares/README.md index eba9c29bdcfa4..2b2293f753f76 100644 --- a/sdk/storage/Azure.Storage.DataMovement.Files.Shares/README.md +++ b/sdk/storage/Azure.Storage.DataMovement.Files.Shares/README.md @@ -47,6 +47,16 @@ az storage account create --name MyStorageAccount --resource-group MyResourceGro ### Authenticate the client The Azure.Storage.DataMovement.Files.Shares library uses clients from the Azure.Storage.Files.Shares package to communicate with the Azure File Storage service. For more information see the Azure.Storage.Files.Shares [authentication documentation](/~https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/storage/Azure.Storage.Files.Shares#authenticate-the-client). +### Permissions + +The authenticated share storage resource needs the following permissions to perform a transfer: + +1. Read +2. List (for directory transfers) +3. Write +5. Delete (for cleanup of a failed transfer item) +6. Create + ## Key concepts The Azure Storage Common client library contains shared infrastructure like diff --git a/sdk/storage/Azure.Storage.DataMovement/README.md b/sdk/storage/Azure.Storage.DataMovement/README.md index b8985b81a471e..1ba0adbbb872d 100644 --- a/sdk/storage/Azure.Storage.DataMovement/README.md +++ b/sdk/storage/Azure.Storage.DataMovement/README.md @@ -44,6 +44,14 @@ az storage account create --name MyStorageAccount --resource-group MyResourceGro Authentication is specific to the targeted storage service. Please see documentation for the individual services +### Permissions + +Data Movement must have appropriate permissions to the storage resources. +Permissions are specific to the type of storage Data Movement is connected to. + +- [Blob storage permissions](/~https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/storage/Azure.Storage.DataMovement.Blobs/README.md#permissions) +- [File share permissions](/~https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/storage/Azure.Storage.DataMovement.Files.Shares//README.md#permissions) + ## Key concepts The Azure Storage DataMovement client library contains shared infrastructure like diff --git a/sdk/storage/Azure.Storage.DataMovement/src/TransferManager.cs b/sdk/storage/Azure.Storage.DataMovement/src/TransferManager.cs index 3910353a5dee9..8068939ed2f8b 100644 --- a/sdk/storage/Azure.Storage.DataMovement/src/TransferManager.cs +++ b/sdk/storage/Azure.Storage.DataMovement/src/TransferManager.cs @@ -353,6 +353,7 @@ internal virtual Task TryRemoveTransferAsync(string id) #region Start Transfer /// /// Starts a transfer from the given source resource to the given destination resource. + /// Ensure instances are built with appropriate permissions. /// /// A representing the source. /// A representing the destination.