Commit 0283d2a

updated steps needed to assign rbac role
1 parent 9de9be1 commit 0283d2a

1 file changed

+5
-10
lines changed

articles/stream-analytics/cosmos-db-managed-identity.md

Lines changed: 5 additions & 10 deletions
@@ -5,7 +5,7 @@ author: enkrumah
55
ms.author: ebnkruma
66
ms.service: stream-analytics
77
ms.topic: how-to
8-
ms.date: 08/09/2022
8+
ms.date: 08/25/2022
99
ms.custom: subject-rbac-steps
1010
---
1111

@@ -43,19 +43,14 @@ For the Stream Analytics job to access your Cosmos DB using managed identity, th
4343
|---------|
4444
|Cosmos DB Built-in Data Contributor|
4545

46-
1. Select **Access control (IAM)**.
46+
> [!IMPORTANT]
47+
> Cosmos DB data plane built-in role-based access control (RBAC) is not exposed through the Azure Portal. To assign the Cosmos DB Built-in Data Contributor role, you must grant permission via Azure Powershell. For more information about role-based access control with Azure Active Directory for your Azure Cosmos DB account please visit the: [Configure role-based access control with Azure Active Directory for your Azure Cosmos DB account documentation.](https://docs.microsoft.com/azure/cosmos-db/how-to-setup-rbac/)
4748
48-
2. Select **Add** > **Add role assignment** to open the **Add role assignment** page.
49+
The following command can be used to authenticate your ASA job with CosmosDB. The `$accountName` and `$resourceGroupName` are for your CosmosDB account, and the `$principalId` is the value obtained in the previous step, in the Identity tab of your ASA job. You need to have "Contributor" access to your CosmosDB account for this command to work as intended.
4950

50-
3. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
5151

52-
| Setting | Value |
53-
| --- | --- |
54-
| Role | Cosmos DB Built-in Data Contributor |
55-
| Assign access to | User, group, or service principal |
56-
| Members | \<Name of your Stream Analytics job> |
52+
New-AzCosmosDBSqlRoleAssignment -AccountName $accountName -ResourceGroupName $resourceGroupName -RoleDefinitionId '00000000-0000-0000-0000-000000000002' -Scope "/" -PrincipalId $principalId
5753

58-
![Screenshot that shows Add role assignment page in Azure portal.](../../includes/role-based-access-control/media/add-role-assignment-page.png)
5954

6055
> [!NOTE]
6156
> Due to global replication or caching latency, there may be a delay when permissions are revoked or granted. Changes should be reflected within 8 minutes.
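
Review bot: `-Scope "/"` on the added `New-AzCosmosDBSqlRoleAssignment` line (new line 52) assigns Cosmos DB Built-in Data Contributor at the root of the account, and the surrounding text never says so. State that `/` covers the whole account and, if a narrower database or container scope works for the Stream Analytics job, show that form so readers do not over-grant by copying the line as is. Two smaller points on the same line: it is added as a bare paragraph with no code fence, so wrap it in a PowerShell fence to make it copyable and to keep the quotes intact when rendered; and say which role `00000000-0000-0000-0000-000000000002` denotes, since the ID appears without explanation and reads like a placeholder. In the added prose, use "Azure PowerShell", "Azure portal" and "Cosmos DB" consistently (the role name in this hunk already uses "Cosmos DB"), and tighten "please visit the:" in the IMPORTANT note.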
