Edit

Share via

New-AzCosmosDBSqlRoleDefinition

Module:
Az.CosmosDB Module

Creates a new CosmosDB Sql Role Definition.

Syntax

ByFieldsDataActionsParameterSet (Default) 

New-AzCosmosDBSqlRoleDefinition
    -ResourceGroupName <String>
    -AccountName <String>
    -RoleName <String>
    -AssignableScope <System.Collections.Generic.List`1[System.String]>
    -DataAction <System.Collections.Generic.List`1[System.String]>
    [-Id <String>]
    [-Type <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

ByFieldsPermissionsParameterSet 

New-AzCosmosDBSqlRoleDefinition
    -ResourceGroupName <String>
    -AccountName <String>
    -RoleName <String>
    -AssignableScope <System.Collections.Generic.List`1[System.String]>
    -Permission <System.Collections.Generic.List`1[Microsoft.Azure.Commands.CosmosDB.Models.PSPermission]>
    [-Id <String>]
    [-Type <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

ByParentObjectDataActionsParameterSet 

New-AzCosmosDBSqlRoleDefinition
    -RoleName <String>
    -AssignableScope <System.Collections.Generic.List`1[System.String]>
    -DataAction <System.Collections.Generic.List`1[System.String]>
    -ParentObject <PSDatabaseAccountGetResults>
    [-Id <String>]
    [-Type <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

ByParentObjectPermissionsParameterSet 

New-AzCosmosDBSqlRoleDefinition
    -RoleName <String>
    -AssignableScope <System.Collections.Generic.List`1[System.String]>
    -Permission <System.Collections.Generic.List`1[Microsoft.Azure.Commands.CosmosDB.Models.PSPermission]>
    -ParentObject <PSDatabaseAccountGetResults>
    [-Id <String>]
    [-Type <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

Creates a new CosmosDB Sql Role Definition. Assignable Scopes can be either fully qualified (ie. /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/dbs/dbName) or start with the database name (ie. /dbs/dbName). In order to specify the Role Definition's Permissions, either use the DataAction parameter and pass in a list of strings that will be turned into a single Permission object, or use the New-AzCosmosDBPermission cmdlet to create PSPermission objects to pass in through the Permission parameter.

Examples

Example 1: Using DataAction

New-AzCosmosDBSqlRoleDefinition `
	-AccountName accountName `
	-ResourceGroupName resourceGroupName `
	-Type CustomRole `
	-RoleName roleName `
	-DataAction "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create" `
	-AssignableScope "/"

RoleName         : roleName
Id               : /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/sqlRoleDefinitions/id
Type             : CustomRole
Permissions      : {Microsoft.Azure.Management.CosmosDB.Models.Permission}
AssignableScopes : {/subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName}

Example 2: Using Permission and ParentObject

$DatabaseAccount = Get-AzCosmosDBAccount -Name accountName -ResourceGroupName resourceGroupName
$Permission = New-AzCosmosDBPermission -DataAction "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create"
New-AzCosmosDBSqlRoleDefinition `
	-Type CustomRole `
	-RoleName roleName `
	-Permission $Permission `
	-AssignableScope "/" `
	-ParentObject $DatabaseAccount

RoleName         : roleName
Id               : /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/sqlRoleDefinitions/id
Type             : CustomRole
Permissions      : {Microsoft.Azure.Management.CosmosDB.Models.Permission}
AssignableScopes : {/subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName}

Parameters

-AccountName

Name of the Cosmos DB database account.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

ByFieldsDataActionsParameterSet
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
ByFieldsPermissionsParameterSet
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-AssignableScope

Set of resource paths below which a Role Assignment can be attached to the Role Definition. Eg. '/', '/dbs/dbname','/dbs/dbname/colls/collname'.

Parameter properties

Type:

List<T>[String]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False
Aliases:cf

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DataAction

Set of data actions granted through the Role Definition. List of allowed actions can be found at: https://aka.ms/cosmos-native-rbac

Parameter properties

Type:

List<T>[String]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

ByFieldsDataActionsParameterSet
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
ByParentObjectDataActionsParameterSet
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Parameter properties

Type:IAzureContextContainer
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AzContext, AzureRmContext, AzureCredential

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Id

Role Assignment Id.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ParentObject

Role definition object.

Parameter properties

Type:PSDatabaseAccountGetResults
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

ByParentObjectDataActionsParameterSet
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False
ByParentObjectPermissionsParameterSet
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-Permission

Permission is a collection of data actions.

Parameter properties

Type:

List<T>[PSPermission]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

ByFieldsPermissionsParameterSet
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
ByParentObjectPermissionsParameterSet
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ResourceGroupName

Name of resource group.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

ByFieldsDataActionsParameterSet
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
ByFieldsPermissionsParameterSet
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-RoleName

Role Definition Name.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Type

Type of Role Definition, either CustomRole or BuiltInRole. Default value is CustomRole.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False
Aliases:wi

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

PSSqlRoleDefinitionGetResults

Outputs

PSSqlRoleDefinitionGetResults