Is there a role or an action that can be assigned to a Managed Identity to allow it to write the index policy of a Cosmos DB container?
Neither DocumentDB Account Contributor nor Cosmos DB Operator nor Owner seem to suffice.
The code for writing the index policy using the .NET CosmosClient looks like this:
ContainerResponse containerResponse = await this.container.ReadContainerAsync();
containerResponse.Resource.IndexingPolicy = ...; // set or manipulate the index policy
await this.container.ReplaceContainerAsync(containerResponse.Resource);
You cannot use Data Plane SDKs such as Microsoft.Azure.Cosmos to perform Management Plane operations when using MSI authentication.

The operation you are attempting is probably failing with an error; that error has an aka.ms link in its message that points to: https://learn.microsoft.com/azure/cosmos-db/how-to-setup-rbac#permission-model

To perform Management Plane operations with MSI auth you need to use the Management Plane SDKs, such as Azure.ResourceManager.CosmosDB for .NET.
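
The management-plane route described in the answer above, sketched as an added example (not code from the question or the answer). The subscription, resource group, account, database and container names are placeholders, and the managed identity is assumed to hold an Azure RBAC role that permits container writes through Azure Resource Manager.

```csharp
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.CosmosDB;
using Azure.ResourceManager.CosmosDB.Models;

public static class IndexPolicyUpdater
{
    // Placeholders: replace with your own values.
    private const string SubscriptionId = "<subscription-id>";
    private const string ResourceGroup = "<resource-group>";
    private const string AccountName = "<cosmos-account>";
    private const string DatabaseName = "<database>";
    private const string ContainerName = "<container>";

    // Adds one excluded path to the container's indexing policy via ARM.
    public static async Task ExcludePathAsync(string path)
    {
        // The token is issued for Azure Resource Manager, not for the Cosmos DB
        // data plane, so Azure RBAC (not Cosmos DB data-plane RBAC) is evaluated.
        var arm = new ArmClient(new ManagedIdentityCredential());

        ResourceIdentifier dbId = CosmosDBSqlDatabaseResource.CreateResourceIdentifier(
            SubscriptionId, ResourceGroup, AccountName, DatabaseName);
        CosmosDBSqlContainerCollection containers =
            arm.GetCosmosDBSqlDatabaseResource(dbId).GetCosmosDBSqlContainers();

        // Read the current definition so the update starts from what is deployed.
        CosmosDBSqlContainerResource current = await containers.GetAsync(ContainerName);
        var existing = current.Data.Resource;

        CosmosDBIndexingPolicy policy = existing.IndexingPolicy ?? new CosmosDBIndexingPolicy();
        policy.ExcludedPaths.Add(new CosmosDBExcludedPath { Path = path });

        // The request carries the container definition as a whole: copy across
        // any other settings the container uses (default TTL, unique keys, ...).
        var content = new CosmosDBSqlContainerCreateOrUpdateContent(
            current.Data.Location,
            new CosmosDBSqlContainerResourceInfo(ContainerName)
            {
                PartitionKey = existing.PartitionKey,
                IndexingPolicy = policy,
            });

        await containers.CreateOrUpdateAsync(WaitUntil.Completed, ContainerName, content);
    }
}
```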