Missing Cosmos DB Built-in Data Reader and Cosmos DB Built-in Data Contributor roles

Cesar Revert 21 Reputation points


I'm trying to connect to a CosmosDB using the Java Azure SDK, and I'm getting a 403 with the following message:

Request blocked by Auth **** : Request is blocked because principal [*****] does not have required RBAC permissions to perform action [Microsoft.DocumentDB/databaseAccounts/readMetadata] on resource [/].  

I've found this issue, but I can't find the roles Cosmos DB Built-in Data Reader or Cosmos DB Built-in Data Contributor. The roles that I can assign to the service principal are the following:

  • Cosmos DB Account Reader Role
  • Cosmos DB Operator
  • CosmosBackupOperator

Where are the Cosmos DB Built-in Data Reader or Cosmos DB Built-in Data Contributor? Do I need to create a custom role and assign the different required permissions?


Azure Cosmos DB
An Azure NoSQL database service for app development.

Accepted answer
  1. ShaktiSingh-MSFT 13,271 Reputation points Microsoft Employee

    Hi @Cesar Revert ,

    Welcome to Microsoft Q&A platform and thanks for using Azure Services.

    Please make sure you're using the Cosmos DB CLI commands. This command should show the built-in roles:

    az cosmosdb sql role definition list --account-name $accountName --resource-group $resourceGroupName  

    Please let us know if this solves your problem. If not, we are happy to assist you further.

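As an added example (not part of the original thread and not Microsoft's code), this Python sketch takes JSON shaped like the output of the `az cosmosdb sql role definition list` command in the answer and reports which role definitions grant the action named in the 403. The sample JSON, the custom role in it, and the function names are constructed for illustration; the wildcard and `notDataActions` handling assumes general Azure RBAC matching semantics.

```python
import fnmatch
import json

PREFIX = "Microsoft.DocumentDB/databaseAccounts/"
# Action named in the 403 message from the question.
BLOCKED_ACTION = PREFIX + "readMetadata"

# Constructed sample shaped like `az cosmosdb sql role definition list` output.
# The third role is hypothetical, added to show a custom role that lacks readMetadata.
SAMPLE = json.loads("""[
 {"roleName": "Cosmos DB Built-in Data Reader", "type": "BuiltInRole",
  "permissions": [{"dataActions": [
    "Microsoft.DocumentDB/databaseAccounts/readMetadata",
    "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery",
    "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed",
    "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"],
    "notDataActions": []}]},
 {"roleName": "Cosmos DB Built-in Data Contributor", "type": "BuiltInRole",
  "permissions": [{"dataActions": [
    "Microsoft.DocumentDB/databaseAccounts/readMetadata",
    "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*",
    "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*"],
    "notDataActions": []}]},
 {"roleName": "Hypothetical Items Writer", "type": "CustomRole",
  "permissions": [{"dataActions": [
    "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*"],
    "notDataActions": [
    "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/delete"]}]}
]""")


def matches(action, patterns):
    """Case-insensitive match of an action against patterns that may contain '*'."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def grants(role, action):
    """True if a permission block allows the action and does not exclude it."""
    for perm in role.get("permissions", []):
        allowed = matches(action, perm.get("dataActions") or [])
        excluded = matches(action, perm.get("notDataActions") or [])
        if allowed and not excluded:
            return True
    return False


def roles_granting(role_definitions, action):
    """Names of the role definitions that grant the given data action."""
    return [r["roleName"] for r in role_definitions if grants(r, action)]


if __name__ == "__main__":
    print(roles_granting(SAMPLE, BLOCKED_ACTION))
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of the command from the answer.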
