Missing Cosmos DB Built-in Data Reader and Cosmos DB Built-in Data Contributor roles

Cesar Revert 21 Reputation points
2022-09-05T16:24:26.827+00:00

Hi,

I'm trying to to connect to a CosmosDB using the Java Azure SDK, and I'm getting a 403 with the following message: 

Request blocked by Auth **** : Request is blocked because principal [*****] does not have required RBAC permissions to perform action [Microsoft.DocumentDB/databaseAccounts/readMetadata] on resource [/].

I've found this issue, but I can't find the roles Cosmos DB Built-in Data Reader or Cosmos DB Built-in Data Contributor, the roles that I can assign to the service principal are the following:

  • Cosmos DB Account Reader Role
  • Cosmos DB Operator
  • CosmosBackupOperator

Where are the Cosmos DB Built-in Data Reader or Cosmos DB Built-in Data Contributor? Do I need to create a custom role and assign the different required permissions?

Thxs.

Azure Cosmos DB
Azure Cosmos DB
An Azure NoSQL database service for app development.
979 questions
Accepted answer
  1. ShaktiSingh-MSFT 5,846 Reputation points Microsoft Employee
    2022-09-06T08:46:20.51+00:00

    Hi @Cesar Revert ,

    Welcome to Microsoft Q&A platform and thanks for using Azure Services.

    Please make sure you're using the Cosmos DB CLI commands. This command should show the built-in roles: 

    az cosmosdb sql role definition list --account-name $accountName --resource-group $resourceGroupName

    Please let us know if this solves your problem. If not, we are happy to assist you further.

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you.
      Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest