SqlResources2 - Create Update Sql Role Definition
Creates or updates an Azure Cosmos DB SQL Role Definition.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/{accountName}/sqlRoleDefinitions/{roleDefinitionId}?api-version=2023-11-15
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
accountName | path | True | string | Cosmos DB database account name. Regex pattern: |
resourceGroupName | path | True | string | The name of the resource group. The name is case insensitive. |
roleDefinitionId | path | True | string | The GUID for the Role Definition. |
subscriptionId | path | True | string | The ID of the target subscription. |
api-version | query | True | string | The API version to use for this operation. |
Request Body
Name | Type | Description |
---|---|---|
properties.assignableScopes | string[] | A set of fully qualified Scopes at or below which Role Assignments may be created using this Role Definition. This will allow application of this Role Definition on the entire database account or any underlying Database / Collection. Must have at least one element. Scopes higher than Database account are not enforceable as assignable Scopes. Note that resources referenced in assignable Scopes need not exist. |
properties.permissions | | The set of operations allowed through this Role Definition. |
properties.roleName | string | A user-friendly name for the Role Definition. Must be unique for the database account. |
properties.type | | Indicates whether the Role Definition was built-in or user created. |
Responses
Name | Type | Description |
---|---|---|
200 OK | | The Role Definition create or update operation was completed successfully. |
202 Accepted | | The Role Definition create or update request was accepted and will complete asynchronously. |
Other Status Codes | | Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | Impersonate your user account |
Examples
CosmosDBSqlRoleDefinitionCreateUpdate
Sample Request
PUT https://management.azure.com/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/sqlRoleDefinitions/myRoleDefinitionId?api-version=2023-11-15
{
  "properties": {
    "roleName": "myRoleName",
    "type": "CustomRole",
    "assignableScopes": [
      "/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/sales",
      "/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/purchases"
    ],
    "permissions": [
      {
        "dataActions": [
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"
        ],
        "notDataActions": []
      }
    ]
  }
}
Sample Response
{
  "id": "/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/sqlRoleDefinitions/myRoleDefinitionId",
  "name": "myRoleDefinitionId",
  "type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions",
  "properties": {
    "roleName": "myRoleName",
    "type": "CustomRole",
    "assignableScopes": [
      "/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/sales",
      "/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/purchases"
    ],
    "permissions": [
      {
        "dataActions": [
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"
        ]
      }
    ]
  }
}
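A pre-flight check for the request body, written as an added example (not part of the Azure reference): it applies the assignableScopes rules from the Request Body table and, going beyond the page, also flags wildcard entries in dataActions, which Cosmos DB data-plane RBAC accepts. The helper name `lint_role_definition`, the case-insensitive scope comparison and the `BROAD` body are assumptions made for illustration.

```python
# Added example: lint a sqlRoleDefinitions PUT body before sending it.
ACCOUNT = ("/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName"
           "/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName")
ITEMS = "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/"


def lint_role_definition(account_scope, body):
    """Return (level, message) findings; hypothetical helper, not an Azure API."""
    findings = []
    props = body.get("properties", {})
    scopes = props.get("assignableScopes") or []
    if not scopes:
        findings.append(("error", "assignableScopes must have at least one element"))
    # Assumption: scope IDs are compared case-insensitively, like other ARM resource IDs.
    base = account_scope.rstrip("/").lower()
    for scope in scopes:
        norm = scope.rstrip("/").lower()
        if norm == base:
            findings.append(("warn", "assignable on the entire database account"))
        elif not norm.startswith(base + "/"):
            findings.append(("error", "scope is not at or below the account: " + scope))
    for perm in props.get("permissions", []):
        for action in perm.get("dataActions", []):
            if "*" in action:  # wildcard grants every operation under the prefix
                findings.append(("warn", "wildcard dataAction: " + action))
    return findings


# The page's sample request body: two database scopes, two explicit item actions.
PAGE_SAMPLE = {"properties": {
    "roleName": "myRoleName", "type": "CustomRole",
    "assignableScopes": [ACCOUNT + "/dbs/sales", ACCOUNT + "/dbs/purchases"],
    "permissions": [{"dataActions": [ITEMS + "create", ITEMS + "read"],
                     "notDataActions": []}]}}

# Constructed over-broad body: account-wide scope, resource-group scope, wildcard action.
BROAD = {"properties": {
    "roleName": "constructedBroadRole", "type": "CustomRole",
    "assignableScopes": [
        ACCOUNT,
        "/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName"],
    "permissions": [{"dataActions": [ITEMS + "*"], "notDataActions": []}]}}

if __name__ == "__main__":
    for name, body in (("page sample", PAGE_SAMPLE), ("constructed", BROAD)):
        print(name, lint_role_definition(ACCOUNT, body))
```

The page's sample body passes cleanly; the constructed body is rejected for the resource-group scope and flagged for review on the account-wide scope and the wildcard action.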
Definitions
Name | Description |
---|---|
CloudError | An error response from the service. |
ErrorResponse | Error Response. |
Permission | The set of data plane operations permitted through this Role Definition. |
RoleDefinitionType | Indicates whether the Role Definition was built-in or user created. |
SqlRoleDefinitionCreateUpdateParameters | Parameters to create and update an Azure Cosmos DB SQL Role Definition. |
SqlRoleDefinitionGetResults | An Azure Cosmos DB SQL Role Definition. |
CloudError
An error response from the service.
Name | Type | Description |
---|---|---|
error | | Error Response. |
ErrorResponse
Error Response.
Name | Type | Description |
---|---|---|
code | string | Error code. |
message | string | Error message indicating why the operation failed. |
Permission
The set of data plane operations permitted through this Role Definition.
Name | Type | Description |
---|---|---|
dataActions | string[] | An array of data actions that are allowed. |
notDataActions | string[] | An array of data actions that are denied. |
RoleDefinitionType
Indicates whether the Role Definition was built-in or user created.
Name | Type | Description |
---|---|---|
BuiltInRole | string | |
CustomRole | string | |
SqlRoleDefinitionCreateUpdateParameters
Parameters to create and update an Azure Cosmos DB SQL Role Definition.
Name | Type | Description |
---|---|---|
properties.assignableScopes | string[] | A set of fully qualified Scopes at or below which Role Assignments may be created using this Role Definition. This will allow application of this Role Definition on the entire database account or any underlying Database / Collection. Must have at least one element. Scopes higher than Database account are not enforceable as assignable Scopes. Note that resources referenced in assignable Scopes need not exist. |
properties.permissions | | The set of operations allowed through this Role Definition. |
properties.roleName | string | A user-friendly name for the Role Definition. Must be unique for the database account. |
properties.type | | Indicates whether the Role Definition was built-in or user created. |
SqlRoleDefinitionGetResults
An Azure Cosmos DB SQL Role Definition.
Name | Type | Description |
---|---|---|
id | string | The unique resource identifier of the database account. |
name | string | The name of the database account. |
properties.assignableScopes | string[] | A set of fully qualified Scopes at or below which Role Assignments may be created using this Role Definition. This will allow application of this Role Definition on the entire database account or any underlying Database / Collection. Must have at least one element. Scopes higher than Database account are not enforceable as assignable Scopes. Note that resources referenced in assignable Scopes need not exist. |
properties.permissions | | The set of operations allowed through this Role Definition. |
properties.roleName | string | A user-friendly name for the Role Definition. Must be unique for the database account. |
properties.type | | Indicates whether the Role Definition was built-in or user created. |
type | string | The type of Azure resource. |