{"id":"storage-delegator-roles-for-sas-not-data","text":"Storage Delegator roles (Blob, File, Queue, Table) are specifically for creating user delegation SAS tokens signed with Azure AD — they do not grant direct data access.","truth_value":"IN","source":"entries/2026/03/11/rbac-built-in-roles.md","source_url":"","source_hash":"a6ab58d61750d4bf","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"storage-delegator-roles-for-sas-not-data","truth_value":"IN","reason":"premise"}]}}