Share via


az cosmosdb sql role definition

Manage Azure Cosmos DB SQL role definitions.

Commands

Name Description Type Status
az cosmosdb sql role definition create

Create a SQL role definition under an Azure Cosmos DB account.

Core GA
az cosmosdb sql role definition delete

Delete a SQL role definition under an Azure Cosmos DB account.

Core GA
az cosmosdb sql role definition exists

Check if an Azure Cosmos DB role definition exists.

Core GA
az cosmosdb sql role definition list

List all SQL role definitions under an Azure Cosmos DB account.

Core GA
az cosmosdb sql role definition show

Show the properties of a SQL role definition under an Azure Cosmos DB account.

Core GA
az cosmosdb sql role definition update

Update a SQL role definition under an Azure Cosmos DB account.

Core GA
az cosmosdb sql role definition wait

Poll on a SQL role definition until a specific condition is met.

Core GA

az cosmosdb sql role definition create

Create a SQL role definition under an Azure Cosmos DB account.

az cosmosdb sql role definition create --account-name
                                       --body
                                       --resource-group
                                       [--no-wait]

Examples

Create a SQL role definition under an Azure Cosmos DB account using a JSON string.

az cosmosdb sql role definition create --account-name MyAccount --resource-group MyResourceGroup --body '{
  "Id": "be79875a-2cc4-40d5-8958-566017875b39",
  "RoleName": "My Read Only Role",
  "Type": "CustomRole",
  "AssignableScopes": ["/dbs/mydb/colls/mycontainer"],
  "Permissions": [{
    "DataActions": [
      "Microsoft.DocumentDB/databaseAccounts/readMetadata",
      "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read",
      "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery",
      "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed"
    ]
  }]
}'

Create a SQL role definition under an Azure Cosmos DB account using a JSON file.

az cosmosdb sql role definition create --account-name MyAccount --resource-group MyResourceGroup --body @role-definition.json

Required Parameters

--account-name -a

Cosmosdb account name.

--body -b

Role Definition body with Id (Optional for create), DataActions or Permissions, Type (Default is CustomRole), and AssignableScopes. You can enter it as a string or as a file, e.g., --body @rdbody-file.json or --body "{ "Id": "be79875a-2cc4-40d5-8958-566017875b39", "RoleName": "My Read Write Role", "Type": "CustomRole", "AssignableScopes": [ "/" ], "DataActions": [ "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create", "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read" ]}".

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az cosmosdb sql role definition delete

Delete a SQL role definition under an Azure Cosmos DB account.

az cosmosdb sql role definition delete --account-name
                                       --id
                                       --resource-group
                                       [--no-wait]
                                       [--yes]

Examples

Delete a SQL role definition under an Azure Cosmos DB account.

az cosmosdb sql role definition delete --account-name MyAccount --resource-group MyResourceGroup --id be79875a-2cc4-40d5-8958-566017875b39

Required Parameters

--account-name -a

Cosmosdb account name.

--id -i

Unique ID for the Role Definition.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az cosmosdb sql role definition exists

Check if an Azure Cosmos DB role definition exists.

az cosmosdb sql role definition exists --account-name
                                       --id
                                       --resource-group

Examples

Check if an Azure Cosmos DB role definition exists.

az cosmosdb sql role definition exists --account-name MyAccount --resource-group MyResourceGroup --id be79875a-2cc4-40d5-8958-566017875b39

Required Parameters

--account-name -a

Cosmosdb account name.

--id -i

Unique ID for the Role Definition.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az cosmosdb sql role definition list

List all SQL role definitions under an Azure Cosmos DB account.

az cosmosdb sql role definition list --account-name
                                     --resource-group

Examples

List all SQL role definitions under an Azure Cosmos DB account.

az cosmosdb sql role definition list --account-name MyAccount --resource-group MyResourceGroup

Required Parameters

--account-name -a

Cosmosdb account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az cosmosdb sql role definition show

Show the properties of a SQL role definition under an Azure Cosmos DB account.

az cosmosdb sql role definition show --account-name
                                     --id
                                     --resource-group

Examples

Show the properties of a SQL role definition under an Azure Cosmos DB account.

az cosmosdb sql role definition show --account-name MyAccount --resource-group MyResourceGroup --id be79875a-2cc4-40d5-8958-566017875b39

Required Parameters

--account-name -a

Cosmosdb account name.

--id -i

Unique ID for the Role Definition.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az cosmosdb sql role definition update

Update a SQL role definition under an Azure Cosmos DB account.

az cosmosdb sql role definition update --account-name
                                       --body
                                       --resource-group
                                       [--no-wait]

Examples

Update a SQL role definition under an Azure Cosmos DB account.

az cosmosdb sql role definition update --account-name MyAccount --resource-group MyResourceGroup --body @role-definition.json

Required Parameters

--account-name -a

Cosmosdb account name.

--body -b

Role Definition body with Id (Optional for create), DataActions or Permissions, Type (Default is CustomRole), and AssignableScopes. You can enter it as a string or as a file, e.g., --body @rdbody-file.json or --body "{ "Id": "be79875a-2cc4-40d5-8958-566017875b39", "RoleName": "My Read Write Role", "Type": "CustomRole", "AssignableScopes": [ "/" ], "DataActions": [ "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create", "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read" ]}".

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az cosmosdb sql role definition wait

Poll on a SQL role definition until a specific condition is met.

az cosmosdb sql role definition wait --account-name
                                     --id
                                     --resource-group
                                     [--created]
                                     [--custom]
                                     [--deleted]
                                     [--exists]
                                     [--interval]
                                     [--timeout]
                                     [--updated]

Examples

Poll on a SQL role definition until it is deleted.

az cosmosdb sql role definition wait --account-name MyAccount --resource-group MyResourceGroup --id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8 --deleted

Required Parameters

--account-name -a

Cosmosdb account name.

--id -i

Unique ID for the Role Definition.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False
--exists

Wait until the resource exists.

Default value: False
--interval

Polling interval in seconds.

Default value: 30
--timeout

Maximum wait in seconds.

Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.