Request blocked by Auth - user does not have required RBAC permission Microsoft.DocumentDB/databaseAccounts/readMetaData

Kenley Shaw 0 Reputation points Microsoft Employee

First error is trying to load the FlightExpression items in the azsupportrp-casemgmt-westus db in the azure portal enter image description here

I was told that the cosmos data explorer would resolve the AAD error above so I used this link to access the db but then got this error enter image description here

The permission Microsoft.DocumentDb/databaseAccounts/readMetaData is defined in the DocumentDB account contributor, which is a role that I have enter image description hereenter image description here

I also had the owner role so I was allowed all permissions enter image description here

I then tried to be an owner of the resource group as a whole, but the error still showed. I think some new security changes are why this error is being shown but I'm not sure what to try next

Azure Cosmos DB
Azure Cosmos DB
An Azure NoSQL database service for app development.
1,535 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Oury Ba-MSFT 17,791 Reputation points Microsoft Employee

    @Kenley Shaw Thank you for reaching out.

    There is restriction on RBAC using the CosmosClient Configure role-based access control with Microsoft Entra ID - Azure Cosmos Db | Microsoft Learn Create Database operations are not supported.

    This permission model covers only database operations that involve reading and writing data. It does not cover any kind of management operations on management resources, including:

    • Create/Replace/Delete Database
    • Create/Replace/Delete Container
    • Read/Replace Container Throughput
    • Create/Replace/Delete/Read Stored Procedures
    • Create/Replace/Delete/Read Triggers
    • Create/Replace/Delete/Read User Defined Functions



    0 comments No comments