Make sure you've made your container public. In your Azure portal go to Storage, select your store and then select your 'Containers' tab. From here select the container you want and click 'Edit' from the menu at the bottom. This triggers a popup where you can set your access to public.
But if he attempts to bring up the BLOB SERVICE \ Containers blade, he
is presented with the text "ACCESS DENIED".
It is a by design behavior, Role Reader just can view every thing about resources, but can't change anything, can't read the files under the container.
If you want to make users can reader files from this storage account, we should set role owner to those accounts.
These members should not be able to delete these blobs.
For now, Azure does not support this. If we want user can read files from storage account, we should set role owner. If we set user as owner, the user can remove files from that storage account.
Even if we set CanNotDelete to that storage account, user still can remove files from it. The locks do not restrict how resources perform their own functions. Resource changes are restricted, but resource operations are not restricted.
Here a similar case about you, please refer to my answer.
As a workaround, we can use Azcopy or other tool to download backup files to local storage(scheduled tasks), and let other users download backup files from local storage.
Best Answer
It seems one cannot move a resource between tenants/directories. However, you can transfer a subscription, so: