(csp:azure-log-access)=
# Configure storage log access

To access log records for data processing activities on SeqsLab, users must have a data access role such as *Storage Blob Data Reader*. Such roles are assigned in managed resource groups, which hold all the resources required by managed applications on Azure.

## Prerequisites  

- Role with permission to manage role assignments in resource groups (for example, *Owner* or *User Access Administrator*)

1. On the Azure portal, click the name of a storage account in the managed resource group.  

2. On the left menu, click **Access control (IAM)**.  

3. Click **+ Add** and then select **Add role assignment**.  

4. On the *Add role assignment* screen, configure the following settings:  

- *Role*:* Select **Storage Blob Data Reader**. 
    Users, groups, and service principals with this role are granted read access to Azure Storage blob containers and data.  

- *Assign access to*: Select the entity types that require access to log records.  

- *Select*: Select the specific users, groups, service principals, or managed identities that require access to log records.  
    You can search the directory for specific display names or email addresses.

5. Click **Save**.  


## View storage logs

1. On the Azure portal, click the name of a storage account in the managed resource group.  

1. On the left menu, click *Containers*.

1. Click the name of any container to view the associated log records.

## Next steps

Recommend: [Manage Container Registry](tutorials:cli-container-registry)