Update-AzCosmosDBSqlRoleDefinition
Updates an existing CosmosDB Sql Role Definition.
Syntax
ByFieldsParameterSet (Default)
Update-AzCosmosDBSqlRoleDefinition
-ResourceGroupName <String>
-AccountName <String>
-Id <String>
[-Type <String>]
[-RoleName <String>]
[-DataAction <System.Collections.Generic.List`1[System.String]>]
[-Permission <System.Collections.Generic.List`1[Microsoft.Azure.Commands.CosmosDB.Models.PSPermission]>]
[-AssignableScope <System.Collections.Generic.List`1[System.String]>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
ByParentObjectParameterSet
Update-AzCosmosDBSqlRoleDefinition
-Id <String>
-ParentObject <PSDatabaseAccountGetResults>
[-Type <String>]
[-RoleName <String>]
[-DataAction <System.Collections.Generic.List`1[System.String]>]
[-Permission <System.Collections.Generic.List`1[Microsoft.Azure.Commands.CosmosDB.Models.PSPermission]>]
[-AssignableScope <System.Collections.Generic.List`1[System.String]>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
ByObjectParameterSet
Update-AzCosmosDBSqlRoleDefinition
-InputObject <PSSqlRoleDefinitionGetResults>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Updates an existing CosmosDB Sql Role Definition.
Assignable Scopes can be either fully qualified (ie.
/subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/dbs/dbName) or start with the database name (ie.
/dbs/dbName).
Id can be either fully qualified or just the Guid.
In order to specify the Role Definition's Permissions, either use the DataAction parameter and pass in a list of strings that will be turned into a single Permission object, or use the New-AzCosmosDBPermission cmdlet to create PSPermission objects to pass in through the Permission parameter.
Examples
Example 1
Update-AzCosmosDBSqlRoleDefinition `
-AccountName accountName `
-ResourceGroupName resourceGroupName `
-Id id `
-Type CustomRole `
-RoleName roleName `
-DataAction "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create" `
-AssignableScope "/"
RoleName : roleName
Id : /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/sqlRoleDefinitions/id
Type : CustomRole
Permissions : {Microsoft.Azure.Management.CosmosDB.Models.Permission}
AssignableScopes : {/subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName}
Example 2: Using Permission and ParentObject
$DatabaseAccount = Get-AzCosmosDBAccount -Name accountName -ResourceGroupName resourceGroupName
$Permission = New-AzCosmosDBPermission -DataAction "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create"
Update-AzCosmosDBSqlRoleDefinition `
-Type CustomRole `
-Id id `
-RoleName roleName `
-Permission $Permission `
-AssignableScope "/" `
-ParentObject $DatabaseAccount
RoleName : roleName
Id : /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/sqlRoleDefinitions/id
Type : CustomRole
Permissions : {Microsoft.Azure.Management.CosmosDB.Models.Permission}
AssignableScopes : {/subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName}
Parameters
-AccountName
Name of the Cosmos DB database account.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByFieldsParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-AssignableScope
Set of resource paths below which a Role Assignment can be attached to the Role Definition. Eg. '/', '/dbs/dbname','/dbs/dbname/colls/collname'.
Parameter properties
Type: List<T> [ String ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByFieldsParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByParentObjectParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: False Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DataAction
Set of data actions granted through the Role Definition. List of allowed actions can be found at: https://aka.ms/cosmos-native-rbac
Parameter properties
Type: List<T> [ String ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByFieldsParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByParentObjectParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Id
Role Definition Id.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByFieldsParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByParentObjectParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CosmosDB Account object
ByObjectParameterSet
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-ParentObject
CosmosDB Account object
Parameter properties
Parameter sets
ByParentObjectParameterSet
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-Permission
Permission is a collection of data actions.
Parameter properties
Parameter sets
ByFieldsParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByParentObjectParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ResourceGroupName
Name of resource group.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByFieldsParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-RoleName
Role Definition Name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByFieldsParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByParentObjectParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Type
Type of Role Definition, either CustomRole or BuiltInRole.
Default value is CustomRole.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByFieldsParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
ByParentObjectParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: False Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Microsoft.Azure.Commands.CosmosDB.Models.PSDatabaseAccount
Outputs