0

I am trying to create a new user for an application which uses CosmosDB. From the documentation, it expose a service method to create a new user.

I believe the created user can access the Cosmos DB provided the users are updated with certain permission to the collections

And my query,

  1. Is there a service method to create a user with password? If not, any alternatives to do the same?
  2. Is there a way to see the created users in Data Explorer rather than List Users?
Improve this question

1 Answer 1

Reset to default
1

1.Is there a service method to create a user with password? If not, any alternatives to do the same?

As I know, no such method in cosmos db. Based on this document, Azure Cosmos DB uses two types of keys to authenticate users and provide access to its data and resources. User and permission is resource token type here. It's meant to avoid the risk of master key exposure. It is authenticated by token,can't be password.

If do want to use password for authentication, maybe you just have to protect the token by password with your own logical code. Other words, you get the above resource token first then manage the mapping relationships between user and resource token by yourself.

2.Is there a way to see the created users in Data Explorer rather than List Users?

It can't be found on the portal now.You need to list users and permissions using sdk or rest api. You could commit feedback here to ask azure cosmos team to add this feature.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Thanks! Just have a query here. As you suggested to save a Resource Token against User, Is that always going to be the same?
@mbharanidharan88 No,it has expires time,please refer to this thread:feedback.azure.com/forums/263030-azure-cosmos-db/suggestions/…
Thanks! What is the use of protecting the token with the passoword, sorry? I am not getting your idea here.
@mbharanidharan88 You're welcome. I mean you could save the resource token which is against the user on your server. Then you create password against user. So that, you could let the user authenticate your sever with their username and password,then get the resource token for the query operations. Maybe that's a proxy way.
@mbharanidharan88 If I misunderstanding your true purpose,please pass it through. In my opinion, you don't want to share master key or resource tokens at all with your users.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.