You're building an ASP.Net Core app to interact with Azure Blob containers using Entra ID and role-based access. What permission should you set for the Azure Storage API?
Storage Blob Data Contributor
AzureAD.Auth
User.Read
Storage.Access
Storage Account Contributor
Storage Blob Data Reader
User.Write
user_impersonation
Blob.Read
client_id
user_impersonation allows the application to act as the user, inheriting their roles and permissions for blob access.