We figured out our problem. The DocumentDB Account Contributor role is not the correct role for SDK access. The roles necessary are "Cosmos DB Built-in Data Reader" and "Cosmos DB Built-in Data Contributor". They cannot be assigned from the UI. See https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac for the details.
How to use Managed Identity to update data in Cosmos DB using Azure Functions
Dinesh
I am working on Azure Functions with .NET 5 in isolated mode, which talks to Cosmos DB and updates data. I tried this from the docs and I get the error below.
Response status code does not indicate success: Forbidden (403); Substatus: 5301; ActivityId: 357bf25e-f0c9-4d3d-ac56-80eed3f247f4; Reason: (Request blocked by Auth testmafadb : Request is blocked because principal [4345d457-c7cf-4c5a-8ca2-d3e9a5a69869] does not have required RBAC permissions to perform action [Microsoft.DocumentDB/databaseAccounts/readMetadata] on resource [/].
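The data-plane roles named in the answer have to be assigned outside the portal, for example with the Azure CLI. As an added example (not part of the original posts), this script reads the principal, action and scope out of the 403/5301 message quoted in the question and prints the matching `az cosmosdb sql role assignment create` command; the helper function names are hypothetical, and `ACCOUNT` and `RG` are placeholders you supply.

```shell
#!/bin/sh
# Added example: turn a Cosmos DB 403 / substatus 5301 RBAC denial into the
# data-plane role assignment that resolves it. Helper names are hypothetical.

# Built-in data-plane role definition IDs (Cosmos DB RBAC documentation).
DATA_READER=00000000-0000-0000-0000-000000000001
DATA_CONTRIBUTOR=00000000-0000-0000-0000-000000000002

# Excerpt of the error message quoted in the question on this page.
SAMPLE_ERROR='Request is blocked because principal [4345d457-c7cf-4c5a-8ca2-d3e9a5a69869] does not have required RBAC permissions to perform action [Microsoft.DocumentDB/databaseAccounts/readMetadata] on resource [/].'

# field_after <keyword> <message>: print the [bracketed] value after <keyword>.
field_after() {
  printf '%s\n' "$2" | sed -n "s/.*$1 \[\([^]]*\)\].*/\1/p"
}

# role_for_action <action>: least-privileged built-in role covering the action.
# Data Reader covers metadata reads, item reads, queries and change feed;
# anything else is assumed to be a write-type data action (Data Contributor).
role_for_action() {
  case "$1" in
    */readMetadata|*/items/read|*/containers/executeQuery|*/containers/readChangeFeed)
      echo "$DATA_READER" ;;
    *)
      echo "$DATA_CONTRIBUTOR" ;;
  esac
}

# build_assignment <message> [role-id]: print the az command for the denied
# principal. Body runs in a subshell so its variables stay local.
build_assignment() (
  principal=$(field_after principal "$1")
  action=$(field_after action "$1")
  scope=$(field_after resource "$1")
  if [ -z "$principal" ] || [ -z "$action" ]; then
    echo "not a data-plane RBAC denial" >&2
    exit 1
  fi
  role=${2:-$(role_for_action "$action")}
  printf 'az cosmosdb sql role assignment create --account-name %s --resource-group %s --scope "%s" --principal-id %s --role-definition-id %s\n' \
    "${ACCOUNT:-<account>}" "${RG:-<resource-group>}" "${scope:-/}" "$principal" "$role"
)

# Dry run on the sample: prints the command, does not call az.
build_assignment "$SAMPLE_ERROR"
```

For a function that updates items, pass `"$DATA_CONTRIBUTOR"` as the second argument; the default only covers the one action named in the error.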