Share via


az cosmosdb sql role assignment

Manage Azure Cosmos DB SQL role assignments.

Commands

Name Description Type Status
az cosmosdb sql role assignment create

Create a SQL role assignment under an Azure Cosmos DB account.

Core GA
az cosmosdb sql role assignment delete

Delete a SQL role assignment under an Azure Cosmos DB account.

Core GA
az cosmosdb sql role assignment exists

Check if an Azure Cosmos DB role assignment exists.

Core GA
az cosmosdb sql role assignment list

List all SQL role assignments under an Azure Cosmos DB account.

Core GA
az cosmosdb sql role assignment show

Show the properties of a SQL role assignment under an Azure Cosmos DB account.

Core GA
az cosmosdb sql role assignment update

Update a SQL role assignment under an Azure Cosmos DB account.

Core GA
az cosmosdb sql role assignment wait

Poll on a SQL role assignment until a specific condition is met.

Core GA

az cosmosdb sql role assignment create

Create a SQL role assignment under an Azure Cosmos DB account.

az cosmosdb sql role assignment create --account-name
                                       --principal-id
                                       --resource-group
                                       --scope
                                       [--no-wait]
                                       [--role-assignment-id]
                                       [--role-definition-id]
                                       [--role-definition-name]

Examples

Create a SQL role assignment under an Azure Cosmos DB account using Role Definition Name.

az cosmosdb sql role assignment create --account-name MyAccount --resource-group MyResourceGroup \
  --role-assignment-id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8 \
  --role-definition-name "My Read Only Role" \
  --scope "/dbs/mydb/colls/mycontainer" \
  --principal-id 6328f5f7-dbf7-4244-bba8-fbb9d8066506

Create a SQL role assignment under an Azure Cosmos DB account using Role Definition ID.

az cosmosdb sql role assignment create --account-name MyAccount --resource-group MyResourceGroup \
  --role-assignment-id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8 \
  --role-definition-id be79875a-2cc4-40d5-8958-566017875b39 \
  --scope "/dbs/mydb/colls/mycontainer" \
  --principal-id 6328f5f7-dbf7-4244-bba8-fbb9d8066506

Required Parameters

--account-name -a

Cosmosdb account name.

--principal-id -p

AAD Object ID of the principal to which this Role Assignment is being granted.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--scope -s

Data plane resource path at which this Role Assignment is being granted.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--role-assignment-id -i

Optional for Create. Unique ID for the Role Assignment. If not provided, a new GUID will be used.

--role-definition-id -d

Unique ID of the Role Definition that this Role Assignment refers to.

--role-definition-name -n

Unique Name of the Role Definition that this Role Assignment refers to. Eg. 'Contoso Reader Role'.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az cosmosdb sql role assignment delete

Delete a SQL role assignment under an Azure Cosmos DB account.

az cosmosdb sql role assignment delete --account-name
                                       --resource-group
                                       --role-assignment-id
                                       [--no-wait]
                                       [--yes]

Examples

Delete a SQL role assignment under an Azure Cosmos DB account.

az cosmosdb sql role assignment delete --account-name MyAccount --resource-group MyResourceGroup --role-assignment-id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8

Required Parameters

--account-name -a

Cosmosdb account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--role-assignment-id -i

Optional for Create. Unique ID for the Role Assignment. If not provided, a new GUID will be used.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az cosmosdb sql role assignment exists

Check if an Azure Cosmos DB role assignment exists.

az cosmosdb sql role assignment exists --account-name
                                       --resource-group
                                       --role-assignment-id

Examples

Check if an Azure Cosmos DB role assignment exists.

az cosmosdb sql role assignment exists --account-name MyAccount --resource-group MyResourceGroup --role-assignment-id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8

Required Parameters

--account-name -a

Cosmosdb account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--role-assignment-id -i

Optional for Create. Unique ID for the Role Assignment. If not provided, a new GUID will be used.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az cosmosdb sql role assignment list

List all SQL role assignments under an Azure Cosmos DB account.

az cosmosdb sql role assignment list --account-name
                                     --resource-group

Examples

List all SQL role assignments under an Azure Cosmos DB account.

az cosmosdb sql role assignment list --account-name MyAccount --resource-group MyResourceGroup

Required Parameters

--account-name -a

Cosmosdb account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az cosmosdb sql role assignment show

Show the properties of a SQL role assignment under an Azure Cosmos DB account.

az cosmosdb sql role assignment show --account-name
                                     --resource-group
                                     --role-assignment-id

Examples

Show the properties of a SQL role assignment under an Azure Cosmos DB account.

az cosmosdb sql role assignment show --account-name MyAccount --resource-group MyResourceGroup --role-assignment-id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8

Required Parameters

--account-name -a

Cosmosdb account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--role-assignment-id -i

Optional for Create. Unique ID for the Role Assignment. If not provided, a new GUID will be used.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az cosmosdb sql role assignment update

Update a SQL role assignment under an Azure Cosmos DB account.

az cosmosdb sql role assignment update --account-name
                                       --resource-group
                                       --role-assignment-id
                                       [--no-wait]
                                       [--principal-id]
                                       [--role-definition-id]
                                       [--role-definition-name]
                                       [--scope]

Examples

Update a SQL role assignment under an Azure Cosmos DB account.

az cosmosdb sql role assignment update --account-name MyAccount --resource-group MyResourceGroup \
  --role-assignment-id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8 \
  --role-definition-id updated-role-definition-id

Required Parameters

--account-name -a

Cosmosdb account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--role-assignment-id -i

Optional for Create. Unique ID for the Role Assignment. If not provided, a new GUID will be used.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--principal-id -p

AAD Object ID of the principal to which this Role Assignment is being granted.

--role-definition-id -d

Unique ID of the Role Definition that this Role Assignment refers to.

--role-definition-name -n

Unique Name of the Role Definition that this Role Assignment refers to. Eg. 'Contoso Reader Role'.

--scope -s

Data plane resource path at which this Role Assignment is being granted.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az cosmosdb sql role assignment wait

Poll on a SQL role assignment until a specific condition is met.

az cosmosdb sql role assignment wait --account-name
                                     --resource-group
                                     --role-assignment-id
                                     [--created]
                                     [--custom]
                                     [--deleted]
                                     [--exists]
                                     [--interval]
                                     [--timeout]
                                     [--updated]

Examples

Poll on a SQL role assignment until it is deleted.

az cosmosdb sql role assignment wait --account-name MyAccount --resource-group MyResourceGroup --role-assignment-id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8 --deleted

Required Parameters

--account-name -a

Cosmosdb account name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--role-assignment-id -i

Optional for Create. Unique ID for the Role Assignment. If not provided, a new GUID will be used.

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False
--exists

Wait until the resource exists.

Default value: False
--interval

Polling interval in seconds.

Default value: 30
--timeout

Maximum wait in seconds.

Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.