last sync: 2025-Jun-13 17:22:48 UTC

Cosmos DB Operator

Azure BuiltIn RBAC Role definition

Name: Cosmos DB Operator
Id: 230815da-be43-4aae-9cb4-875f7bd000aa
Description: Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.
Category: Databases
CreatedOn: 2019-04-26 17:01:17 UTC
UpdatedOn: 2025-06-06 07:02:41 UTC
Permissions summary

Effective control plane and data plane operations: 312 (unique operations)
•action: 54
•delete: 28
•read: 182
•write: 48

Actions: 8
Resolved control plane operations from Actions: 337
Effective control plane operations: 312
•action: 54
•delete: 28
•read: 182
•write: 48

NotActions: 14
Resolved control plane operations from NotActions: 25
Effective denied control plane operations: 16330

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3559
Actions
Operation | Description
Microsoft.Authorization/*/read | wildcarded / no description
Microsoft.DocumentDb/databaseAccounts/* | wildcarded / no description
Microsoft.Insights/alertRules/* | wildcarded / no description
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joins resource such as storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* | wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups.
Microsoft.Support/* | wildcarded / no description
NotActions
Operation | Description
Microsoft.DocumentDB/databaseAccounts/copyJobs/* | wildcarded / no description
Microsoft.DocumentDB/databaseAccounts/dataTransferJobs/* | wildcarded / no description
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/* | wildcarded / no description
Microsoft.DocumentDB/databaseAccounts/listKeys/* | wildcarded / no description
Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/delete | Delete a MongoDB Role Definition
Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/write | Create or update a Mongo Role Definition
Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/delete | Delete a MongoDB User Definition
Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/write | Create or update a MongoDB User Definition
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/* | wildcarded / no description
Microsoft.DocumentDB/databaseAccounts/regenerateKey/* | wildcarded / no description
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete | Delete a SQL Role Assignment
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write | Create or update a SQL Role Assignment
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete | Delete a SQL Role Definition
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write | Create or update a SQL Role Definition
DataActions: n/a
NotDataActions: n/a
Used in
BuiltIn Policy
none
History
Date/Time (UTC ymd) | Change | Change detail
2025-06-06 17:22:54 | change: NotActions | NotActions: 'add Microsoft.DocumentDB/databaseAccounts/copyJobs/*'
2024-01-11 18:35:40 | change: NotActions | NotActions: 'add Microsoft.DocumentDB/databaseAccounts/dataTransferJobs/*'
2023-01-16 18:05:52 | change: NotActions | NotActions: 'add Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/write; add Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/delete; add Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/write; add Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/delete'
2021-02-26 14:41:31 | change: NotActions | NotActions: 'add Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write; add Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete; add Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write; add Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete'
JSON
api-version=2023-07-01-preview
Condition: none