Add docs on SAS permission

Signed-off-by: Somtochi Onyekwere <[email protected]>

Author: somtochiama

docs/spec/v1beta2/buckets.md

@@ -537,8 +537,12 @@ The leading question mark is optional.
 The query values from the `sasKey` data field in the Secrets gets merged with the ones in the `spec.endpoint` of the `Bucket`.
 If the same key is present in the both of them, the value in the `sasKey` takes precedence.
 
-Note that the Azure SAS Token has an expiry date and it should be updated before it expires so that Flux can
-continue to access Azure Storage.
+**Note:** SAS Token has an expiry date and it should be updated before it expires so that Flux can
+continue to access Azure Storage. Also, The source-controller requires a bucket-level SAS token since it checks if the bucket exists and this fails with a container-level SAS token.
+The minimum permissions for the SAS Token is:
+- Allowed services: Blob
+- Allowed resource types: Container, Object
+- Allowed permission: Read, List
 
 #### GCP