If the built-in roles "Cosmos DB Built-in Data Reader" and "Cosmos DB Built-in Data Contributor" are not available in the Azure portal's Access Control (IAM) blade for Cosmos DB, it's likely because these roles were not present in your subscription when it was created or because your subscription might not have the necessary permissions to assign these roles.
However, you can still assign custom roles to the managed identity in Cosmos DB. Here's how you can do it through the Azure portal:
- Navigate to your Cosmos DB account in the Azure portal.
- Click on "Access Control (IAM)" in the left-hand menu.
- Click on the "+ Add" button at the top of the "Role assignments" tab.
- In the "Add role assignment" panel, select the "Role" dropdown and choose "Add custom role".
- Create a custom role that aligns with the permissions you want to assign to the managed identity. You can define the permissions using JSON definition or select from existing roles and customize them.
- Once you've defined the custom role, select the appropriate managed identity from the "Select" dropdown.
- Click "Save" to assign the custom role to the managed identity.
Make sure that the custom role you define includes the necessary permissions for data reading or contribution based on your requirements.
Keep in mind that assigning custom roles may require sufficient permissions in your subscription and may also involve understanding the specific permissions needed for Cosmos DB data operations.