Skip to content

Commit 0555a65

Browse files
JFolberthJFolberth
authored
Adding Bicep Example for built in RBAC assignment
1 parent 7904c27 commit 0555a65

File tree

1 file changed

+14
-1
lines changed

1 file changed

+14
-1
lines changed

articles/cosmos-db/how-to-setup-rbac.md

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -355,7 +355,20 @@ principalId='<aadPrincipalId>'
355355
az cosmosdb sql role assignment create --account-name $accountName --resource-group $resourceGroupName --scope "/" --principal-id $principalId --role-definition-id $readOnlyRoleDefinitionId
356356
```
357357

358-
### Using Azure Resource Manager templates
358+
### Using Bicep/Azure Resource Manager templates
359+
360+
For assigned a built in assignment via Bicep:
361+
362+
```
363+
resource sqlRoleAssignment 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2023-04-15' = {
364+
name: guid(<roleDefinitionId>, <aadPrincipalId>, <databaseAccountResourceId>)
365+
parent: databaseAccount
366+
properties:{
367+
principalId: <aadPrincipalId>
368+
roleDefinitionId: '/${subscription().id}/resourceGroups/<databaseAccountResourceGroup>/providers/Microsoft.DocumentDB/databaseAccounts/<myCosmosAccount>/sqlRoleDefinitions/<roleDefinitionId>'
369+
scope: <databaseAccountResourceId>
370+
}
371+
}```
359372
360373
For a reference and examples of using Azure Resource Manager templates to create role assignments, see [``Microsoft.DocumentDB`` ``databaseAccounts/sqlRoleAssignments``](/azure/templates/microsoft.documentdb/2021-10-15/databaseaccounts/sqlroleassignments).
361374

0 commit comments

Comments
 (0)