Is it possible to create an Azure RBAC custom role that

  • has permission to write a Cosmos DB container's indexing policy
  • but is not allowed to create new containers?

It seems that the permission for writing the indexing policy is

Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/write

which is also sufficient for creating new containers (which is much more dangerous because it affects billing).

1 Answer


No, this is not supported today. Note that there can be a billing impact from changing indexing policy as well, for example if the container throughput is provisioned as auto-scale and the indexing policy is modified in such a way that certain queries no longer run efficiently, thereby increasing the normalized RU utilization on the container and therefore the bill.
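An added example, not part of the original question or answer: a small model of how Azure RBAC evaluates a custom role's `Actions` and `NotActions`, showing why the two operations cannot be separated. It assumes, as the question states, that creating a container and writing its indexing policy are both authorized by the same action string; the role name and operation labels are constructed.

```python
import re

PREFIX = "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers"
CONTAINER_WRITE = PREFIX + "/write"

# Constructed custom role definition (hypothetical name), in the shape of
# an Azure role definition's Actions / NotActions lists.
ROLE = {
    "Name": "Cosmos Index Policy Editor (example)",
    "Actions": [PREFIX + "/read", CONTAINER_WRITE],
    "NotActions": [],
}

# Operation label -> action string that authorizes it. Per the page, both
# write operations resolve to the same action (labels are constructed).
OPERATIONS = {
    "update indexing policy": CONTAINER_WRITE,
    "create container": CONTAINER_WRITE,
    "delete container": PREFIX + "/delete",
}


def matches(pattern, action):
    """Match an action against a role pattern; '*' is a wildcard, case-insensitive."""
    rx = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None


def allowed(role, action):
    """Effective permission: granted by Actions and not removed by NotActions."""
    granted = any(matches(p, action) for p in role["Actions"])
    excluded = any(matches(p, action) for p in role.get("NotActions", []))
    return granted and not excluded


def evaluate(role):
    """Return {operation label: allowed?} for every modelled operation."""
    return {op: allowed(role, act) for op, act in OPERATIONS.items()}


if __name__ == "__main__":
    print("write granted :", evaluate(ROLE))
    # Excluding the action to block container creation also blocks the
    # indexing policy update, because RBAC only sees the action string.
    print("write excluded:", evaluate(dict(ROLE, NotActions=[CONTAINER_WRITE])))
```

Because the role definition only ever sees the action string, any combination of `Actions` and `NotActions` gives "update indexing policy" and "create container" the same result.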
