{
  "context": "This evaluation assesses the engineer's ability to use azure-data-tables package for generating Shared Access Signature (SAS) tokens with fine-grained permissions and IP restrictions. The focus is on proper usage of generate_table_sas() function with time-based expiry, permission control, IP restrictions, and protocol enforcement.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Uses generate_table_sas",
      "description": "Implementation uses the generate_table_sas() function from azure.data.tables module to generate table-level SAS tokens",
      "max_score": 25
    },
    {
      "name": "Credential handling",
      "description": "Creates AzureNamedKeyCredential with account_name and account_key for authentication when calling generate_table_sas()",
      "max_score": 15
    },
    {
      "name": "Time-based expiry",
      "description": "Passes start_time and expiry_time parameters (as datetime objects) to generate_table_sas() to control token validity window",
      "max_score": 15
    },
    {
      "name": "Permission scoping",
      "description": "Uses TableSasPermissions class or permission string to specify granular permissions (read, add, update, delete) when generating tokens",
      "max_score": 15
    },
    {
      "name": "IP restrictions",
      "description": "Implements IP-based access control by passing ip parameter to generate_table_sas() for single IPs or IP ranges",
      "max_score": 20
    },
    {
      "name": "Protocol enforcement",
      "description": "Specifies protocol parameter (TableSasProtocol.HTTPS or 'https') in generate_table_sas() to enforce HTTPS-only access",
      "max_score": 10
    }
  ]
}