New-AzCosmosDBSqlRoleDefinition
Creates a new CosmosDB Sql Role Definition.
Syntax
New-AzCosmosDBSqlRoleDefinition
-ResourceGroupName <String>
-AccountName <String>
[-Id <String>]
-RoleName <String>
[-Type <String>]
-AssignableScope <System.Collections.Generic.List`1[System.String]>
-DataAction <System.Collections.Generic.List`1[System.String]>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzCosmosDBSqlRoleDefinition
-ResourceGroupName <String>
-AccountName <String>
[-Id <String>]
-RoleName <String>
[-Type <String>]
-AssignableScope <System.Collections.Generic.List`1[System.String]>
-Permission <System.Collections.Generic.List`1[Microsoft.Azure.Commands.CosmosDB.Models.PSPermission]>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzCosmosDBSqlRoleDefinition
[-Id <String>]
-RoleName <String>
[-Type <String>]
-AssignableScope <System.Collections.Generic.List`1[System.String]>
-DataAction <System.Collections.Generic.List`1[System.String]>
-ParentObject <PSDatabaseAccountGetResults>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzCosmosDBSqlRoleDefinition
[-Id <String>]
-RoleName <String>
[-Type <String>]
-AssignableScope <System.Collections.Generic.List`1[System.String]>
-Permission <System.Collections.Generic.List`1[Microsoft.Azure.Commands.CosmosDB.Models.PSPermission]>
-ParentObject <PSDatabaseAccountGetResults>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Creates a new CosmosDB Sql Role Definition. Assignable Scopes can be either fully qualified (ie. /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/dbs/dbName) or start with the database name (ie. /dbs/dbName). In order to specify the Role Definition's Permissions, either use the DataAction parameter and pass in a list of strings that will be turned into a single Permission object, or use the New-AzCosmosDBPermission cmdlet to create PSPermission objects to pass in through the Permission parameter.
Examples
Example 1: Using DataAction
New-AzCosmosDBSqlRoleDefinition `
-AccountName accountName `
-ResourceGroupName resourceGroupName `
-Type CustomRole `
-RoleName roleName `
-DataAction "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create" `
-AssignableScope "/"
RoleName : roleName
Id : /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/sqlRoleDefinitions/id
Type : CustomRole
Permissions : {Microsoft.Azure.Management.CosmosDB.Models.Permission}
AssignableScopes : {/subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName}Example 2: Using Permission and ParentObject
$DatabaseAccount = Get-AzCosmosDBAccount -Name accountName -ResourceGroupName resourceGroupName
$Permission = New-AzCosmosDBPermission -DataAction "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create"
New-AzCosmosDBSqlRoleDefinition `
-Type CustomRole `
-RoleName roleName `
-Permission $Permission `
-AssignableScope "/" `
-ParentObject $DatabaseAccount
RoleName : roleName
Id : /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/sqlRoleDefinitions/id
Type : CustomRole
Permissions : {Microsoft.Azure.Management.CosmosDB.Models.Permission}
AssignableScopes : {/subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName}Parameters
-AccountName
Name of the Cosmos DB database account.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AssignableScope
Set of resource paths below which a Role Assignment can be attached to the Role Definition. Eg. '/', '/dbs/dbname','/dbs/dbname/colls/collname'.
| Type: | List<T>[String] |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DataAction
Set of data actions granted through the Role Definition. List of allowed actions can be found at: https://aka.ms/cosmos-native-rbac
| Type: | List<T>[String] |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Id
Role Assignment Id.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ParentObject
Role definition object.
| Type: | PSDatabaseAccountGetResults |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Permission
Permission is a collection of data actions.
| Type: | List<T>[PSPermission] |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceGroupName
Name of resource group.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RoleName
Role Definition Name.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Type
Type of Role Definition, either CustomRole or BuiltInRole. Default value is CustomRole.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Outputs
Azure PowerShell