Skip to content

Shared Access Signature Token generation and IP whitelisting

During an Analysis Model customization process, or, when creating a Model, IFS Cloud Web provides a means to generate a Shared Access Signature Token (SAS Token) to access the Azure Data Lake Gen 2 storage container folder via Power BI Desktop, to connect to the Parquet Data Sources.

To ensure that the Data Lake access is restricted, only a user with the permission set AAAS_DL_USER in an environment where the SAS_TOKEN_PAGE feature is enabled (usually CFG) in the Comma separated list of disabled features system parameter, can access the Shared Access Signature page. (feature toggle disabled by default in every environment)

Read more details about ADLS Gen 2.

During the token creation process,

  1. The command is invoked to create a SAS Token.
  2. The service checks if the user has permission to create a SAS Token.
  3. Azure APIs are invoked to create the SAS Token thereby whitelisting the given IP.
  4. Registers token in Oracle, based on the input details so that it can be removed when the expiry date hits (cleanup functionality not in the current release)
  5. The SAS Token is displayed in the UI (not stored in the DB).
  6. Once the SAS Token expires, the associated whitelisted IPs will be removed (future releases) (The expired SAS Tokens will be monitored by the scheduler service and they will be cleared by the tabular service. All IP addresses that only belong to the expired SAS Token will get removed.)

The Shared Access Signature Page includes whitelisted IPs along with the respective expiry date (First-time navigation displays only the New Token option)

How to obtain a SAS Token

  1. Click New Token to open the IP Whitelisting assistant.

Data Properties:
Property Description
Days to Expiration Provided token expiry values are listed in this selector. The dropdown shows 3 values that are available while 5 days being the default value.
Add my Public IP Clicking Add my Public IP fetches and displays the PC's current Public IP value in a text box under the Whitelisted IP Addresses section.
Adding IP is a mandatory input.
Add IP Selecting + icon opens up a text field to type in one or more desired IPs to whitelist.
Adding IP is a mandatory input.

2.Select Expiration Date as required. The default selection is 5 days.

sas_assisstant2

3.Add IP in the Whitelisted IP Addresses section.

This can be done via two approaches.

  • Add my Public IP - Selecting this button fetches the current IP of the PC and displays it as an entry in the IP addresses section. Once populated, it can be edited if required.

    After adding the current PC IP via the Add my Public IP option, further IP entries can be added by clicking the +.

sas_assisstant4

  • Click + -Selecting this button opens up a new entry in the IP addresses section. One or more IP addresses can be typed in during a session.

sas_assisstant3

4.Click Generate to display the SAS token and SAS URI. Click Copy Token and Copy URI to copy the details.

Note

The SAS Token and the SAS URI need to be copied and saved in a secure location, as the assistant cannot be opened again, and the Token and URI cannot be viewed during a returning page visit.