How to use Managed Identity to update data in CosmosDb using azure functions

Dinesh 6 Reputation points

I am working on Azure Functions with .NET 5 in isolated mode, which talks to Cosmos DB and updates data. I tried this from the docs and I get the error below.

Response status code does not indicate success: Forbidden (403); Substatus: 5301; ActivityId: 357bf25e-f0c9-4d3d-ac56-80eed3f247f4; Reason: (Request blocked by Auth testmafadb : Request is blocked because principal [4345d457-c7cf-4c5a-8ca2-d3e9a5a69869] does not have required RBAC permissions to perform action [Microsoft.DocumentDB/databaseAccounts/readMetadata] on resource [/].


1 answer

  1. Daniel Comer 16 Reputation points

    We figured out our problem. The DocumentDB Account Contributor role is not the correct role for SDK access. The roles necessary are "Cosmos DB Built-in Data Reader" and "Cosmos DB Built-in Data Contributor". They cannot be assigned from the UI. See for the details.

    3 people found this answer helpful.
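The data-plane role assignment named in the answer can be made from the Azure CLI. The script below is an added example, not part of the original answer: the function names and the resource names in the usage comment are placeholders, and it assumes a system-assigned identity with the Function App and the Cosmos DB account in the same resource group.

```shell
# Built-in Cosmos DB data-plane role definition IDs (identical in every account).
COSMOS_DATA_READER_ID="00000000-0000-0000-0000-000000000001"
COSMOS_DATA_CONTRIBUTOR_ID="00000000-0000-0000-0000-000000000002"

# cosmos_role_id <reader|contributor> : prints the built-in role definition ID.
cosmos_role_id() {
  case "$1" in
    reader)      printf '%s\n' "$COSMOS_DATA_READER_ID" ;;
    contributor) printf '%s\n' "$COSMOS_DATA_CONTRIBUTOR_ID" ;;
    *) echo "unknown role '$1' (use reader or contributor)" >&2; return 2 ;;
  esac
}

# grant_cosmos_data_role <resource-group> <function-app> <cosmos-account> <reader|contributor> [scope]
# Assumption: both resources live in the same resource group.
grant_cosmos_data_role() {
  local rg="$1" app="$2" account="$3" role="$4" scope="${5:-/}"
  local role_id principal_id

  role_id="$(cosmos_role_id "$role")" || return 2

  # Object ID of the managed identity: the "principal [...]" value in the 403 message.
  principal_id="$(az functionapp identity show \
      --resource-group "$rg" --name "$app" \
      --query principalId --output tsv)" || return 1
  if [ -z "$principal_id" ]; then
    echo "no system-assigned identity on $app; enable it first" >&2
    return 1
  fi

  # Scope "/" is the whole account, the resource named in the 403 message.
  # Pass /dbs/<database>/colls/<container> as the fifth argument to narrow it.
  az cosmosdb sql role assignment create \
      --resource-group "$rg" --account-name "$account" \
      --role-definition-id "$role_id" \
      --principal-id "$principal_id" \
      --scope "$scope"
}

# Usage (placeholder names):
#   grant_cosmos_data_role my-rg my-func-app my-cosmos-account contributor
```

Existing assignments can be checked with `az cosmosdb sql role assignment list --resource-group <rg> --account-name <account>`.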