Microsoft.DocumentDB databaseAccounts/sqlRoleAssignments

  • Article

Bicep resource definition

The databaseAccounts/sqlRoleAssignments resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2024-02-15-preview' = {
  name: 'string'
  parent: resourceSymbolicName
  properties: {
    principalId: 'string'
    roleDefinitionId: 'string'
    scope: 'string'
  }
}

Property values

databaseAccounts/sqlRoleAssignments

Name Description Value
name The resource name

See how to set names and types for child resources in Bicep.		 string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.		 Symbolic name for resource of type: databaseAccounts
properties Properties to create and update an Azure Cosmos DB SQL Role Assignment. SqlRoleAssignmentResource

SqlRoleAssignmentResource

Name Description Value
principalId The unique identifier for the associated AAD principal in the AAD graph to which access is being granted through this Role Assignment. Tenant ID for the principal is inferred using the tenant associated with the subscription. string
roleDefinitionId The unique identifier for the associated Role Definition. string
scope The data plane resource path for which access is being granted through this Role Assignment. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create an Azure Cosmos DB SQL Account with data plane RBAC

Deploy to Azure		 This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity.
Deploy Azure Data Explorer DB with Cosmos DB connection

Deploy to Azure		 Deploy Azure Data Explorer DB with Cosmos DB connection.

ARM template resource definition

The databaseAccounts/sqlRoleAssignments resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments resource, add the following JSON to your template.

{
  "type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments",
  "apiVersion": "2024-02-15-preview",
  "name": "string",
  "properties": {
    "principalId": "string",
    "roleDefinitionId": "string",
    "scope": "string"
  }
}

Property values

databaseAccounts/sqlRoleAssignments

Name Description Value
type The resource type 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments'
apiVersion The resource api version '2024-02-15-preview'
name The resource name

See how to set names and types for child resources in JSON ARM templates.		 string (required)
properties Properties to create and update an Azure Cosmos DB SQL Role Assignment. SqlRoleAssignmentResource

SqlRoleAssignmentResource

Name Description Value
principalId The unique identifier for the associated AAD principal in the AAD graph to which access is being granted through this Role Assignment. Tenant ID for the principal is inferred using the tenant associated with the subscription. string
roleDefinitionId The unique identifier for the associated Role Definition. string
scope The data plane resource path for which access is being granted through this Role Assignment. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create an Azure Cosmos DB SQL Account with data plane RBAC

Deploy to Azure		 This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity.
Deploy Azure Data Explorer DB with Cosmos DB connection

Deploy to Azure		 Deploy Azure Data Explorer DB with Cosmos DB connection.

Terraform (AzAPI provider) resource definition

The databaseAccounts/sqlRoleAssignments resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2024-02-15-preview"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      principalId = "string"
      roleDefinitionId = "string"
      scope = "string"
    }
  })
}

Property values

databaseAccounts/sqlRoleAssignments

Name Description Value
type The resource type "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2024-02-15-preview"
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: databaseAccounts
properties Properties to create and update an Azure Cosmos DB SQL Role Assignment. SqlRoleAssignmentResource

SqlRoleAssignmentResource

Name Description Value
principalId The unique identifier for the associated AAD principal in the AAD graph to which access is being granted through this Role Assignment. Tenant ID for the principal is inferred using the tenant associated with the subscription. string
roleDefinitionId The unique identifier for the associated Role Definition. string
scope The data plane resource path for which access is being granted through this Role Assignment. string