![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 37%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Azure Cosmos DB
An Azure NoSQL database service for app development.
1,680 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 4%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Hello Boyan Stefanov,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
I understand that you would like to restrict a managed identity's access to Azure Cosmos DB for MongoDB account (RU).
Solution
To restrict user-managed identities access in Azure Cosmos DB for MongoDB, best practices is to create a custom Role in your Azure Active Directory (AAD), then assign this custom role to the user-managed identities used by your container apps.
Other method and references that support best practices:
To read more about other methods supported by best practices, kindly use the below links:
- Configuring role-based access control in Azure Cosmos DB for MongoDB: https://learn.microsoft.com/en-us/azure/cosmos-db/mongodb/how-to-setup-rbac
- Restricting user access to data operations in Azure Cosmos DB: https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-restrict-user-data
- GitHub - Restrict user access to data operations in Azure Cosmos DB: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/cosmos-db/how-to-restrict-user-data.md
- Azure role-based access control in Azure Cosmos DB: https://learn.microsoft.com/en-us/azure/cosmos-db/role-based-access-control
Accept Answer
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.
Best Regards,
Sina Salam