Azure-sdk-for-js: Delete blob version: blockBlobClient.withVersion(id).delete({}) not working

Created on 28 Nov 2020  路  2Comments  路  Source: Azure/azure-sdk-for-js

  • Package Name:
    @azure/storage-blob

  • Package Version:
    12.3.0

  • Operating system:
    MacOS

  • [ ] nodejs
    -14.10.1

  • [ ] typescript

    • 3.9.7

  • Is the bug related to documentation in

Describe the bug
A clear and concise description of what the bug is.
I am attempting to delete a specific version of a storage blob from a Nodejs application:

`
const blockBlobClient = new BlobServiceClient(
'https://' + storageAccountName + '.blob.core.windows.net',
appCredential )
.getContainerClient(containerName)
.getBlockBlobClient(blockBlobName);

const bclient = await blockBlobClient
.withVersion(versionId);
const azureDeleteResult = await bclient.delete({});
`

The result I am getting is:

`RestError: The specified operation is not allowed on version.
RequestId:ebb1f266-901e-00a9-6d55-c5ef3a000000
Time:2020-11-28T07:12:15.2584212Z
at new RestError (/Users/repos/ds-tls/node_modules/@azure/storage-blob/node_modules/@azure/core-http/dist/index.js:2387:28)
at handleErrorResponse (/Users/repos/ds-tls/node_modules/@azure/storage-blob/node_modules/@azure/core-http/dist/index.js:3238:17)
at /Users/repos/ds-tls/node_modules/@azure/storage-blob/node_modules/@azure/core-http/dist/index.js:3177:18
at processTicksAndRejections (internal/process/task_queues.js:93:5)

OperationNotAllowedOnAutomaticSnapshot`
To Reproduce
Steps to reproduce the behavior:

  1. Create BlobStorage Storage Account
  2. Give Service Principal IAM rights to the account: Storage Blob Data Contributor
  3. Upload multiple versions of a document
  4. Use code above to delete a specific historic version of the document

Expected behavior
A clear and concise description of what you expected to happen.

Document version should delete.

Deletion of a specific document version is possible through Portal, I presume it should be possible through code.

This same account CAN delete the entire document, so I presume it has the correct permissions to delete a specific version.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.

Client Storage customer-reported needs-team-attention question
Source
picture patricknee

All 2 comments

Blob versioning is designed to protect your data from accidental or malicious deletion. To enhance protection, deleting a blob version requires special permissions.
https://docs.microsoft.com/en-us/azure/storage/blobs/versioning-overview#authorize-operations-on-blob-versions

ljian3377 picture ljian3377 on 30 Nov 2020
👍1

Thank you.

I can confirm that deleting a specific version requires a different role, as identified in the link you included. The role "Storage Blob Data Contributor" can read/write/delete entire documents, and read specific versions, but "Storage Blob Data Owner" is required to delete a specific version.

Thanks for the help.

patricknee picture patricknee on 1 Dec 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mitchdenny picture mitchdenny  路  4Comments
pjblakey picture pjblakey  路  3Comments
isaacjoe picture isaacjoe  路  4Comments
IDONTSUDO picture IDONTSUDO  路  4Comments
dgellow picture dgellow  路  4Comments