New-AzCosmosDBSqlRoleDefinition

Module:

Az.CosmosDB Module

Creates a new CosmosDB Sql Role Definition.

New-AzCosmosDBSqlRoleDefinition
 -ResourceGroupName <String>
 -AccountName <String>
 -RoleName <String>
 -AssignableScope <System.Collections.Generic.List`1[System.String]>
 -DataAction <System.Collections.Generic.List`1[System.String]>
 [-Id <String>]
 [-Type <String>]
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

New-AzCosmosDBSqlRoleDefinition
 -ResourceGroupName <String>
 -AccountName <String>
 -RoleName <String>
 -AssignableScope <System.Collections.Generic.List`1[System.String]>
 -Permission <System.Collections.Generic.List`1[Microsoft.Azure.Commands.CosmosDB.Models.PSPermission]>
 [-Id <String>]
 [-Type <String>]
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

New-AzCosmosDBSqlRoleDefinition
 -RoleName <String>
 -AssignableScope <System.Collections.Generic.List`1[System.String]>
 -DataAction <System.Collections.Generic.List`1[System.String]>
 -ParentObject <PSDatabaseAccountGetResults>
 [-Id <String>]
 [-Type <String>]
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

New-AzCosmosDBSqlRoleDefinition
 -RoleName <String>
 -AssignableScope <System.Collections.Generic.List`1[System.String]>
 -Permission <System.Collections.Generic.List`1[Microsoft.Azure.Commands.CosmosDB.Models.PSPermission]>
 -ParentObject <PSDatabaseAccountGetResults>
 [-Id <String>]
 [-Type <String>]
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

Creates a new CosmosDB Sql Role Definition. Assignable Scopes can be either fully qualified (ie. /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/dbs/dbName) or start with the database name (ie. /dbs/dbName). In order to specify the Role Definition's Permissions, either use the DataAction parameter and pass in a list of strings that will be turned into a single Permission object, or use the New-AzCosmosDBPermission cmdlet to create PSPermission objects to pass in through the Permission parameter.

New-AzCosmosDBSqlRoleDefinition `
	-AccountName accountName `
	-ResourceGroupName resourceGroupName `
	-Type CustomRole `
	-RoleName roleName `
	-DataAction "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create" `
	-AssignableScope "/"

RoleName : roleName
Id : /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/sqlRoleDefinitions/id
Type : CustomRole
Permissions : {Microsoft.Azure.Management.CosmosDB.Models.Permission}
AssignableScopes : {/subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName}

$DatabaseAccount = Get-AzCosmosDBAccount -Name accountName -ResourceGroupName resourceGroupName
$Permission = New-AzCosmosDBPermission -DataAction "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create"
New-AzCosmosDBSqlRoleDefinition `
	-Type CustomRole `
	-RoleName roleName `
	-Permission $Permission `
	-AssignableScope "/" `
	-ParentObject $DatabaseAccount

RoleName : roleName
Id : /subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName/sqlRoleDefinitions/id
Type : CustomRole
Permissions : {Microsoft.Azure.Management.CosmosDB.Models.Permission}
AssignableScopes : {/subscriptions/subId/resourceGroups/resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/accountName}

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.