Request blocked by Auth - user does not have required RBAC permission Microsoft.DocumentDB/databaseAccounts/readMetaData

Question

First error is trying to load the FlightExpression items in the azsupportrp-casemgmt-westus db in the azure portal

I was told that the cosmos data explorer would resolve the AAD error above so I used this link to access the db https://cosmos.azure.com/?feature.enableAadDataPlane=true but then got this error

The permission Microsoft.DocumentDb/databaseAccounts/readMetaData is defined in the DocumentDB account contributor, which is a role that I have

I also had the owner role so I was allowed all permissions

I then tried to be an owner of the resource group as a whole, but the error still showed. I think some new security changes are why this error is being shown but I'm not sure what to try next

Answer 1

@Kenley Shaw Thank you for reaching out.

There is restriction on RBAC using the CosmosClient Configure role-based access control with Microsoft Entra ID - Azure Cosmos Db | Microsoft Learn Create Database operations are not supported.

This permission model covers only database operations that involve reading and writing data. It does not cover any kind of management operations on management resources, including:

• Create/Replace/Delete Database
• Create/Replace/Delete Container
• Read/Replace Container Throughput
• Create/Replace/Delete/Read Stored Procedures
• Create/Replace/Delete/Read Triggers
• Create/Replace/Delete/Read User Defined Functions

Regards,

Oury