Update-AzCosmosDBSqlRoleDefinition
Updates an existing CosmosDB Sql Role Definition.
Syntax
Update-AzCosmosDBSqlRoleDefinition
-ResourceGroupName <String>
-AccountName <String>
-Id <String>
[-Type <String>]
[-RoleName <String>]
[-DataAction <System.Collections.Generic.List`1[System.String]>]
[-Permission <System.Collections.Generic.List`1[Microsoft.Azure.Commands.CosmosDB.Models.PSPermission]>]
[-AssignableScope <System.Collections.Generic.List`1[System.String]>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-AzCosmosDBSqlRoleDefinition
-Id <String>
[-Type <String>]
[-RoleName <String>]
[-DataAction <System.Collections.Generic.List`1[System.String]>]
[-Permission <System.Collections.Generic.List`1[Microsoft.Azure.Commands.CosmosDB.Models.PSPermission]>]
[-AssignableScope <System.Collections.Generic.List`1[System.String]>]
-ParentObject <PSDatabaseAccountGetResults>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-AzCosmosDBSqlRoleDefinition
-InputObject <PSSqlRoleDefinitionGetResults>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Updates an existing CosmosDB Sql Role Definition. Assignable Scopes can be either fully qualified (ie. /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/dbs/dbName) or start with the database name (ie. /dbs/dbName). Id can be either fully qualified or just the Guid. In order to specify the Role Definition's Permissions, either use the DataAction parameter and pass in a list of strings that will be turned into a single Permission object, or use the New-AzCosmosDBPermission cmdlet to create PSPermission objects to pass in through the Permission parameter.
Examples
Example 1
Update-AzCosmosDBSqlRoleDefinition `
-AccountName accountName `
-ResourceGroupName resourceGroupName `
-Id id `
-Type CustomRole `
-RoleName roleName `
-DataAction "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create" `
-AssignableScope "/"
RoleName : roleName
Id : /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/sqlRoleDefinitions/id
Type : CustomRole
Permissions : {Microsoft.Azure.Management.CosmosDB.Models.Permission}
AssignableScopes : {/subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName}Example 2: Using Permission and ParentObject
$DatabaseAccount = Get-AzCosmosDBAccount -Name accountName -ResourceGroupName resourceGroupName
$Permission = New-AzCosmosDBPermission -DataAction "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create"
Update-AzCosmosDBSqlRoleDefinition `
-Type CustomRole `
-Id id `
-RoleName roleName `
-Permission $Permission `
-AssignableScope "/" `
-ParentObject $DatabaseAccount
RoleName : roleName
Id : /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/sqlRoleDefinitions/id
Type : CustomRole
Permissions : {Microsoft.Azure.Management.CosmosDB.Models.Permission}
AssignableScopes : {/subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName}Parameters
-AccountName
Name of the Cosmos DB database account.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AssignableScope
Set of resource paths below which a Role Assignment can be attached to the Role Definition. Eg. '/', '/dbs/dbname','/dbs/dbname/colls/collname'.
| Type: | List<T>[String] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DataAction
Set of data actions granted through the Role Definition. List of allowed actions can be found at: https://aka.ms/cosmos-native-rbac
| Type: | List<T>[String] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Id
Role Definition Id.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
CosmosDB Account object
| Type: | PSSqlRoleDefinitionGetResults |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ParentObject
CosmosDB Account object
| Type: | PSDatabaseAccountGetResults |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Permission
Permission is a collection of data actions.
| Type: | List<T>[PSPermission] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceGroupName
Name of resource group.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RoleName
Role Definition Name.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Type
Type of Role Definition, either CustomRole or BuiltInRole. Default value is CustomRole.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Azure.Commands.CosmosDB.Models.PSDatabaseAccount
Outputs
Azure PowerShell
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for