Identity types

SAS Token

Diagram representing a glossary term in Oasis Security, illustrating key concepts in non human identity management

A Shared Access Signature (SAS) token is a security token that provides limited access rights to specific resources or services. SAS tokens are commonly used in cloud computing platforms such as Microsoft Azure for secure access control to storage accounts and their components, such as queues, blobs, or other specific resources.

SAS tokens enable fine-grained control over access permissions, allowing administrators to specify the type of access (e.g., read, write, delete) and the duration for which the token is valid. This granular control helps enforce the principle of least privilege, ensuring that users or applications have only the necessary permissions to perform their tasks.

For example, a SAS token generated for a storage account may grant read-only access to specific containers or files for a limited time period. Once the token expires, access is revoked, reducing the risk of unauthorized access or misuse.

SAS tokens are commonly used in scenarios such as sharing files or resources with external users or applications, enabling temporary access to specific resources without requiring permanent credentials. Organizations can enforce security policies and audit access using SAS tokens, helping to protect sensitive data and maintain compliance with regulatory requirements.