az cosmosdb sql role definition
Manage Azure Cosmos DB SQL role definitions.
Commands
Name | Description | Type | Status |
---|---|---|---|
az cosmosdb sql role definition create |
Create a SQL role definition under an Azure Cosmos DB account. |
Core | GA |
az cosmosdb sql role definition delete |
Delete a SQL role definition under an Azure Cosmos DB account. |
Core | GA |
az cosmosdb sql role definition exists |
Check if an Azure Cosmos DB role definition exists. |
Core | GA |
az cosmosdb sql role definition list |
List all SQL role definitions under an Azure Cosmos DB account. |
Core | GA |
az cosmosdb sql role definition show |
Show the properties of a SQL role definition under an Azure Cosmos DB account. |
Core | GA |
az cosmosdb sql role definition update |
Update a SQL role definition under an Azure Cosmos DB account. |
Core | GA |
az cosmosdb sql role definition wait |
Poll on a SQL role definition until a specific condition is met. |
Core | GA |
az cosmosdb sql role definition create
Create a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition create --account-name
--body
--resource-group
[--no-wait]
Examples
Create a SQL role definition under an Azure Cosmos DB account using a JSON string.
az cosmosdb sql role definition create --account-name MyAccount --resource-group MyResourceGroup --body '{
"Id": "be79875a-2cc4-40d5-8958-566017875b39",
"RoleName": "My Read Only Role",
"Type": "CustomRole",
"AssignableScopes": ["/dbs/mydb/colls/mycontainer"],
"Permissions": [{
"DataActions": [
"Microsoft.DocumentDB/databaseAccounts/readMetadata",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed"
]
}]
}'
Create a SQL role definition under an Azure Cosmos DB account using a JSON file.
az cosmosdb sql role definition create --account-name MyAccount --resource-group MyResourceGroup --body @role-definition.json
Required Parameters
Cosmosdb account name.
Role Definition body with Id (Optional for create), DataActions or Permissions, Type (Default is CustomRole), and AssignableScopes. You can enter it as a string or as a file, e.g., --body @rdbody-file.json or --body "{ "Id": "be79875a-2cc4-40d5-8958-566017875b39", "RoleName": "My Read Write Role", "Type": "CustomRole", "AssignableScopes": [ "/" ], "DataActions": [ "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create", "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read" ]}".
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Optional Parameters
Do not wait for the long-running operation to finish.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az cosmosdb sql role definition delete
Delete a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition delete --account-name
--id
--resource-group
[--no-wait]
[--yes]
Examples
Delete a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition delete --account-name MyAccount --resource-group MyResourceGroup --id be79875a-2cc4-40d5-8958-566017875b39
Required Parameters
Cosmosdb account name.
Unique ID for the Role Definition.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Optional Parameters
Do not wait for the long-running operation to finish.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az cosmosdb sql role definition exists
Check if an Azure Cosmos DB role definition exists.
az cosmosdb sql role definition exists --account-name
--id
--resource-group
Examples
Check if an Azure Cosmos DB role definition exists.
az cosmosdb sql role definition exists --account-name MyAccount --resource-group MyResourceGroup --id be79875a-2cc4-40d5-8958-566017875b39
Required Parameters
Cosmosdb account name.
Unique ID for the Role Definition.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az cosmosdb sql role definition list
List all SQL role definitions under an Azure Cosmos DB account.
az cosmosdb sql role definition list --account-name
--resource-group
Examples
List all SQL role definitions under an Azure Cosmos DB account.
az cosmosdb sql role definition list --account-name MyAccount --resource-group MyResourceGroup
Required Parameters
Cosmosdb account name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az cosmosdb sql role definition show
Show the properties of a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition show --account-name
--id
--resource-group
Examples
Show the properties of a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition show --account-name MyAccount --resource-group MyResourceGroup --id be79875a-2cc4-40d5-8958-566017875b39
Required Parameters
Cosmosdb account name.
Unique ID for the Role Definition.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az cosmosdb sql role definition update
Update a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition update --account-name
--body
--resource-group
[--no-wait]
Examples
Update a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition update --account-name MyAccount --resource-group MyResourceGroup --body @role-definition.json
Required Parameters
Cosmosdb account name.
Role Definition body with Id (Optional for create), DataActions or Permissions, Type (Default is CustomRole), and AssignableScopes. You can enter it as a string or as a file, e.g., --body @rdbody-file.json or --body "{ "Id": "be79875a-2cc4-40d5-8958-566017875b39", "RoleName": "My Read Write Role", "Type": "CustomRole", "AssignableScopes": [ "/" ], "DataActions": [ "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create", "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read" ]}".
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Optional Parameters
Do not wait for the long-running operation to finish.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az cosmosdb sql role definition wait
Poll on a SQL role definition until a specific condition is met.
az cosmosdb sql role definition wait --account-name
--id
--resource-group
[--created]
[--custom]
[--deleted]
[--exists]
[--interval]
[--timeout]
[--updated]
Examples
Poll on a SQL role definition until it is deleted.
az cosmosdb sql role definition wait --account-name MyAccount --resource-group MyResourceGroup --id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8 --deleted
Required Parameters
Cosmosdb account name.
Unique ID for the Role Definition.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
Polling interval in seconds.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.