role based access control in azure using cosmosdb

Question

Hi i need to create role based access using json file of my company employees data which is stored as items in a container in azure cosmos db. All employees data stored in Json format. i am still confused how achieve this in azure. i am creating this for my enterprisegpt chatbot application where i have generic data that is stored in storage account i am able to get insights of this data but to achieve this RBAC what are the steps i should follow to fix this for my chatbot app.

Employee or Member should only be able to view their personal data.

Assistant managers should be able to access their own data and the data of employees reporting to them.

Managers should have access to their data, data of assistant managers reporting to them, and the data of employees under those assistant managers.

CTO & CEO should have access over all the employees in the company.

Answer 1

Hi there Dinnemidi Ananda Kumar

that's a good question and thanks for using QandA platform

To start, make sure your JSON data in Cosmos DB includes role information and reporting structures.

Now, Azure RBAC comes into play. It's imp for managing access to Azure services, including Cosmos DB. Set up roles and permissions here according to your organizational structure.

Next, implement custom access control logic within your application. For Employees, they should only view their own data. Assistant Managers should access their data and data of those they manage. Managers should have access to their own data, plus data of their direct reports and their reports' subordinates. As for CTO and CEO, they get access to everything.

let me drop you the needed documentation links below and go through them for more info

https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac?source=recommendations

https://learn.microsoft.com/en-us/azure/cosmos-db/role-based-access-control

If this helps kindly accept the answer thanks much.