Merge pull request #115404 from JFolberth/CosmosBuiltInRBACBicep

Court72 · web-flow · commit bc1b703b76a6 · 2023-10-03T09:25:46.000-06:00
Adding Bicep Example for built in RBAC assignment
diff --git a/articles/cosmos-db/how-to-setup-rbac.md b/articles/cosmos-db/how-to-setup-rbac.md
@@ -355,7 +355,21 @@ principalId='<aadPrincipalId>'
 az cosmosdb sql role assignment create --account-name $accountName --resource-group $resourceGroupName --scope "/" --principal-id $principalId --role-definition-id $readOnlyRoleDefinitionId
 ```
 
-### Using Azure Resource Manager templates
+### Using Bicep/Azure Resource Manager templates
+
+For a built-in assignment using a Bicep template:
+
+```
+resource sqlRoleAssignment 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2023-04-15' = {
+  name: guid(<roleDefinitionId>, <aadPrincipalId>, <databaseAccountResourceId>)
+  parent: databaseAccount
+  properties:{
+    principalId: <aadPrincipalId>
+    roleDefinitionId: '/${subscription().id}/resourceGroups/<databaseAccountResourceGroup>/providers/Microsoft.DocumentDB/databaseAccounts/<myCosmosAccount>/sqlRoleDefinitions/<roleDefinitionId>'
+    scope: <databaseAccountResourceId>
+  }
+}
+```
 
 For a reference and examples of using Azure Resource Manager templates to create role assignments, see [``Microsoft.DocumentDB`` ``databaseAccounts/sqlRoleAssignments``](/azure/templates/microsoft.documentdb/2021-10-15/databaseaccounts/sqlroleassignments).
 
