az cosmosdb sql role definition
Manage Azure Cosmos DB SQL role definitions.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az cosmosdb sql role definition create |
Create a SQL role definition under an Azure Cosmos DB account. |
Core | GA |
| az cosmosdb sql role definition delete |
Delete a SQL role definition under an Azure Cosmos DB account. |
Core | GA |
| az cosmosdb sql role definition exists |
Check if an Azure Cosmos DB role definition exists. |
Core | GA |
| az cosmosdb sql role definition list |
List all SQL role definitions under an Azure Cosmos DB account. |
Core | GA |
| az cosmosdb sql role definition show |
Show the properties of a SQL role definition under an Azure Cosmos DB account. |
Core | GA |
| az cosmosdb sql role definition update |
Update a SQL role definition under an Azure Cosmos DB account. |
Core | GA |
| az cosmosdb sql role definition wait |
Poll on a SQL role definition until a specific condition is met. |
Core | GA |
az cosmosdb sql role definition create
Create a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition create --account-name
--body
--resource-group
[--no-wait]Examples
Create a SQL role definition under an Azure Cosmos DB account using a JSON string.
az cosmosdb sql role definition create --account-name MyAccount --resource-group MyResourceGroup --body '{
"Id": "be79875a-2cc4-40d5-8958-566017875b39",
"RoleName": "My Read Only Role",
"Type": "CustomRole",
"AssignableScopes": ["/dbs/mydb/colls/mycontainer"],
"Permissions": [{
"DataActions": [
"Microsoft.DocumentDB/databaseAccounts/readMetadata",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed"
]
}]
}'Create a SQL role definition under an Azure Cosmos DB account using a JSON file.
az cosmosdb sql role definition create --account-name MyAccount --resource-group MyResourceGroup --body @role-definition.jsonRequired Parameters
Cosmosdb account name.
Role Definition body with Id (Optional for create), DataActions or Permissions, Type (Default is CustomRole), and AssignableScopes. You can enter it as a string or as a file, e.g., --body @rdbody-file.json or --body "{ "Id": "be79875a-2cc4-40d5-8958-566017875b39", "RoleName": "My Read Write Role", "Type": "CustomRole", "AssignableScopes": [ "/" ], "DataActions": [ "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create", "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read" ]}".
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az cosmosdb sql role definition delete
Delete a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition delete --account-name
--id
--resource-group
[--no-wait]
[--yes]Examples
Delete a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition delete --account-name MyAccount --resource-group MyResourceGroup --id be79875a-2cc4-40d5-8958-566017875b39Required Parameters
Cosmosdb account name.
Unique ID for the Role Definition.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az cosmosdb sql role definition exists
Check if an Azure Cosmos DB role definition exists.
az cosmosdb sql role definition exists --account-name
--id
--resource-groupExamples
Check if an Azure Cosmos DB role definition exists.
az cosmosdb sql role definition exists --account-name MyAccount --resource-group MyResourceGroup --id be79875a-2cc4-40d5-8958-566017875b39Required Parameters
Cosmosdb account name.
Unique ID for the Role Definition.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az cosmosdb sql role definition list
List all SQL role definitions under an Azure Cosmos DB account.
az cosmosdb sql role definition list --account-name
--resource-groupExamples
List all SQL role definitions under an Azure Cosmos DB account.
az cosmosdb sql role definition list --account-name MyAccount --resource-group MyResourceGroupRequired Parameters
Cosmosdb account name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az cosmosdb sql role definition show
Show the properties of a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition show --account-name
--id
--resource-groupExamples
Show the properties of a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition show --account-name MyAccount --resource-group MyResourceGroup --id be79875a-2cc4-40d5-8958-566017875b39Required Parameters
Cosmosdb account name.
Unique ID for the Role Definition.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az cosmosdb sql role definition update
Update a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition update --account-name
--body
--resource-group
[--no-wait]Examples
Update a SQL role definition under an Azure Cosmos DB account.
az cosmosdb sql role definition update --account-name MyAccount --resource-group MyResourceGroup --body @role-definition.jsonRequired Parameters
Cosmosdb account name.
Role Definition body with Id (Optional for create), DataActions or Permissions, Type (Default is CustomRole), and AssignableScopes. You can enter it as a string or as a file, e.g., --body @rdbody-file.json or --body "{ "Id": "be79875a-2cc4-40d5-8958-566017875b39", "RoleName": "My Read Write Role", "Type": "CustomRole", "AssignableScopes": [ "/" ], "DataActions": [ "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create", "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read" ]}".
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az cosmosdb sql role definition wait
Poll on a SQL role definition until a specific condition is met.
az cosmosdb sql role definition wait --account-name
--id
--resource-group
[--created]
[--custom]
[--deleted]
[--exists]
[--interval]
[--timeout]
[--updated]Examples
Poll on a SQL role definition until it is deleted.
az cosmosdb sql role definition wait --account-name MyAccount --resource-group MyResourceGroup --id cb8ed2d7-2371-4e3c-bd31-6cc1560e84f8 --deletedRequired Parameters
Cosmosdb account name.
Unique ID for the Role Definition.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
Wait until deleted.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the resource exists.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Polling interval in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 30 |
Maximum wait in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 3600 |
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
