Skip to main content

By default, the access key of the Azure Data Lake Storage is available for all deployed AIMMS apps in an AIMMS Cloud tenant, through dex::dls::StorageAccessKey. With this key, AIMMS apps can grant themselves full access to the Storage Account. 

However, it isn't always desired that all data in the Storage Account is visible to all deployed AIMMS apps. Actually, I think nothing should be visible by default. Only if an admin/super user determines that an app is allowed to have access to a certain filesystem/container/directory, it should be granted (principle of least privilege).

This leads to the following 2 requests: 

  • First of all, AIMMS apps shouldn't - by default - have access to the general access key, since this undermines any other attempt to restrict access through (for example) SAS tokens.
  • Second, it would be nice if AIMMS could provide functionality to distribute SAS tokens with limited access to specific AIMMS Cloud apps. This is something I could also build myself by the way (though only if point 1 is addressed), but it would be nice if AIMMS could provide this. 

Curious to hear your thoughts! 

NewOn Backlog
Terms & Conditions

Didn't find what you were looking for? Try searching on our documentation pages:

AIMMS Developer & PRO | AIMMS How-To | AIMMS SC Navigator