{"id":"azure-data-plane-access-security-gradient","text":"Azure data-plane access follows a security gradient from weakest to strongest: SAS tokens provide delegated access with varying revocability (account key SAS is least secure, user delegation SAS most secure), while the Entra identity-to-authorization chain provides full RBAC-governed access — and the gradient position is determined by how deeply a workload integrates with the identity chain, with SAS appropriate for cross-boundary sharing and Entra RBAC for intra-platform access.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"azure-data-plane-access-security-gradient","truth_value":"IN","reason":"premise"}]}}