Cassandra Resources - Create Update Cassandra Role Definition
Creates or updates an Azure Cosmos DB Cassandra Role Definition.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/{accountName}/cassandraRoleDefinitions/{roleDefinitionId}?api-version=2025-05-01-previewURI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
account
|
path | True |
string minLength: 3maxLength: 50 pattern: ^[a-z0-9]+(-[a-z0-9]+)* |
Cosmos DB database account name. |
|
resource
|
path | True |
string minLength: 1maxLength: 90 |
The name of the resource group. The name is case insensitive. |
|
role
|
path | True |
string |
The GUID for the Role Definition. |
|
subscription
|
path | True |
string (uuid) |
The ID of the target subscription. The value must be an UUID. |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
Request Body
| Name | Type | Description |
|---|---|---|
| properties.assignableScopes |
string[] |
A set of fully qualified Scopes at or below which Cassandra Role Assignments may be created using this Role Definition. This will allow application of this Role Definition on the entire database account or any underlying Database / Collection. Must have at least one element. Scopes higher than Database account are not enforceable as assignable Scopes. Note that resources referenced in assignable Scopes need not exist. |
| properties.id |
string |
The path id for the Role Definition. |
| properties.permissions |
The set of operations allowed through this Role Definition. |
|
| properties.roleName |
string |
A user-friendly name for the Role Definition. Must be unique for the database account. |
| properties.type |
Indicates whether the Role Definition was built-in or user created. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
The Role Definition create or update operation was completed successfully. |
|
| 202 Accepted |
The Role Definition create or update request was accepted and will complete asynchronously. Headers
|
|
| Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | Impersonate your user account |
Examples
CosmosDBCassandraRoleDefinitionCreateUpdate
Sample request
PUT https://management.azure.com/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/cassandraRoleDefinitions/myRoleDefinitionId?api-version=2025-05-01-preview
{
"properties": {
"roleName": "myRoleName",
"type": "CustomRole",
"assignableScopes": [
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/sales",
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/purchases"
],
"permissions": [
{
"dataActions": [
"Microsoft.DocumentDB/databaseAccounts/cassandraDatabases/containers/entities/create",
"Microsoft.DocumentDB/databaseAccounts/cassandraDatabases/containers/entities/read"
],
"notDataActions": []
}
]
}
}
Sample response
{
"id": "/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/cassandraRoleDefinitions/myRoleDefinitionId",
"name": "myRoleDefinitionId",
"type": "Microsoft.DocumentDB/databaseAccounts/cassandraRoleDefinitions",
"properties": {
"roleName": "myRoleName",
"type": "CustomRole",
"assignableScopes": [
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/sales",
"/subscriptions/ffffffff-ffff-ffff-ffff-ffffffffffff/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/purchases"
],
"permissions": [
{
"dataActions": [
"Microsoft.DocumentDB/databaseAccounts/cassandraDatabases/containers/entities/create",
"Microsoft.DocumentDB/databaseAccounts/cassandraDatabases/containers/entities/read"
]
}
]
}
}azure-AsyncOperation: https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/operationsStatus/{operationId}?api-version=2025-05-01-preview
location: https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/operationsStatus/{operationId}?api-version=2025-05-01-previewDefinitions
| Name | Description |
|---|---|
|
Cassandra |
Parameters to create and update an Azure Cosmos DB Cassandra Role Definition. |
|
created |
The type of identity that created the resource. |
|
Error |
The resource management error additional info. |
|
Error |
The error detail. |
|
Error |
Error response |
| Permission |
The set of data plane operations permitted through this Role Definition. |
|
Role |
Indicates whether the Role Definition was built-in or user created. |
|
system |
Metadata pertaining to creation and last modification of the resource. |
CassandraRoleDefinitionResource
Parameters to create and update an Azure Cosmos DB Cassandra Role Definition.
| Name | Type | Description |
|---|---|---|
| id |
string (arm-id) |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| name |
string |
The name of the resource |
| properties.assignableScopes |
string[] |
A set of fully qualified Scopes at or below which Cassandra Role Assignments may be created using this Role Definition. This will allow application of this Role Definition on the entire database account or any underlying Database / Collection. Must have at least one element. Scopes higher than Database account are not enforceable as assignable Scopes. Note that resources referenced in assignable Scopes need not exist. |
| properties.id |
string |
The path id for the Role Definition. |
| properties.permissions |
The set of operations allowed through this Role Definition. |
|
| properties.roleName |
string |
A user-friendly name for the Role Definition. Must be unique for the database account. |
| properties.type |
Indicates whether the Role Definition was built-in or user created. |
|
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
createdByType
The type of identity that created the resource.
| Value | Description |
|---|---|
| User | |
| Application | |
| ManagedIdentity | |
| Key |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
ErrorDetail
The error detail.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
The error details. |
|
| message |
string |
The error message. |
| target |
string |
The error target. |
ErrorResponse
Error response
| Name | Type | Description |
|---|---|---|
| error |
The error object. |
Permission
The set of data plane operations permitted through this Role Definition.
| Name | Type | Description |
|---|---|---|
| dataActions |
string[] |
An array of data actions that are allowed. |
| id |
string |
The id for the permission. |
| notDataActions |
string[] |
An array of data actions that are denied. |
RoleDefinitionType
Indicates whether the Role Definition was built-in or user created.
| Value | Description |
|---|---|
| BuiltInRole | |
| CustomRole |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string (date-time) |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string (date-time) |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |