what are the cosmos db roles definitions to create databases, and containers for a custom role definition

Question

I am trying to speed up my resource management in the azure portal, and to do so I need to assign a role to a UserIdentity which will allow it to create and manage database's and containers, in both the SQL databases and the Gremlin database.

I can get it to work by manually adding permissions in the portal, and I can get the reading and writing of data work using custom roles, but I can't find what role definitions to use, as they seem to not be accessible in custom roles.

I was trying "Microsoft.DocumentDb/databaseAccounts/" which gives the error, The provided data action string [Microsoft.DocumentDb/databaseAccounts/] does not correspond to any valid SQL data action,even though its listed in the roles.

Any help would be appreciated.

Answer 1

You can use Azure RBAC through one of the following options to authenticate management operation:

• Azure Resource Manager templates(ARM templates): This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an Azure AD identity

• Azure PowerShell scripts: PowerShell script and automate management of Azure Cosmos DB Core(SQL) API resources, including the Cosmos account, database,container, and throughput.

• Azure CLI scripts: It describes common commands to automate management of your Azure Cosmos DB accounts, databases and containers using Azure CLI.

You can refer this documentation for better Understanding.