Microsoft.DocumentDB databaseAccounts/sqlRoleDefinitions 2021-04-01-preview

Template format

To create a Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions",
  "apiVersion": "2021-04-01-preview",
  "properties": {
    "roleName": "string",
    "type": "string",
    "assignableScopes": [
      "string"
    ],
    "permissions": [
      {
        "dataActions": [
          "string"
        ],
        "notDataActions": [
          "string"
        ]
      }
    ]
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions object

Note

In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.

| Name | Type | Required | Value |
|---|---|---|---|
| name | string | Yes | The GUID for the Role Definition. |
| type | enum | Yes | For JSON - sqlRoleDefinitions -or- Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions. See Set name and type for child resources. |
| apiVersion | enum | Yes | For JSON - 2021-04-01-preview |
| properties | object | Yes | Properties to create and update an Azure Cosmos DB SQL Role Definition. - SqlRoleDefinitionResource object |

SqlRoleDefinitionResource object

| Name | Type | Required | Value |
|---|---|---|---|
| roleName | string | No | A user-friendly name for the Role Definition. Must be unique for the database account. |
| type | enum | No | Indicates whether the Role Definition was built-in or user created. - BuiltInRole or CustomRole |
| assignableScopes | array | No | A set of fully qualified Scopes at or below which Role Assignments may be created using this Role Definition. This will allow application of this Role Definition on the entire database account or any underlying Database / Collection. Must have at least one element. Scopes higher than Database account are not enforceable as assignable Scopes. Note that resources referenced in assignable Scopes need not exist. - string |
| permissions | array | No | The set of operations allowed through this Role Definition. - Permission object |

Permission object

| Name | Type | Required | Value |
|---|---|---|---|
| dataActions | array | No | An array of data actions that are allowed. - string |
| notDataActions | array | No | An array of data actions that are denied. - string |
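
The constraints in the tables above (GUID name, the two allowed type values, at least one assignable scope, no scope above the database account) can be checked before deployment. The following linter is an added example, not part of the original reference or of any Azure tooling. It assumes literal values rather than template expressions, uses constructed sample resources with placeholder names, and adds one check the schema does not require: flagging wildcard data actions.

```python
import re
import uuid

# Scope at the database account, or below it (/dbs/<db>[/colls/<container>]).
SCOPE_RE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/"
    r"Microsoft\.DocumentDB/databaseAccounts/[^/]+(/dbs/[^/]+(/colls/[^/]+)?)?$",
    re.IGNORECASE)
ROLE_TYPES = {"BuiltInRole", "CustomRole"}

def lint_role_definition(resource):
    """Return findings for one sqlRoleDefinitions resource (literal values only)."""
    findings, props = [], resource.get("properties", {})
    # name is the GUID; a top-level child resource uses "<account>/<guid>".
    try:
        uuid.UUID(str(resource.get("name", "")).split("/")[-1])
    except ValueError:
        findings.append("name: not a GUID")
    if "type" in props and props["type"] not in ROLE_TYPES:
        findings.append("properties.type: must be BuiltInRole or CustomRole")
    scopes = props.get("assignableScopes", [])
    if not scopes:
        findings.append("assignableScopes: needs at least one element")
    for scope in scopes:
        if not SCOPE_RE.match(scope):
            findings.append(f"assignableScopes: not at or below a database account: {scope}")
    for perm in props.get("permissions", []):
        for action in perm.get("dataActions", []):
            if action.endswith("*"):  # added least-privilege check, not a schema rule
                findings.append(f"dataActions: wildcard grant: {action}")
    return findings

# Constructed sample resources (placeholder subscription, group and account names).
ACCOUNT = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
           "rg-example/providers/Microsoft.DocumentDB/databaseAccounts/cosmos-example")
GOOD = {"name": "cosmos-example/11111111-2222-3333-4444-555555555555",
        "properties": {"roleName": "ItemReader", "type": "CustomRole",
                       "assignableScopes": [ACCOUNT + "/dbs/orders"],
                       "permissions": [{"dataActions": [
                           "Microsoft.DocumentDB/databaseAccounts/readMetadata",
                           "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"]}]}}
BAD = {"name": "item-reader",
       "properties": {"type": "Custom",
                      "assignableScopes": [ACCOUNT.rsplit("/providers/", 1)[0]],
                      "permissions": [{"dataActions": [
                          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*"]}]}}

if __name__ == "__main__":
    for label, res in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_role_definition(res) or "ok")
```
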

Quickstart templates

The following quickstart templates deploy this resource type.

| Template | Description |
|---|---|
| Create an Azure Cosmos DB SQL Account with data plane RBAC | This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity. |