Add and assign user roles for Azure Cosmos DB for NoSQL

Warning

Resource Owner Password Credential (ROPC) flow isn't recommended for production Azure Cosmos DB for NoSQL workloads as it requires handling credentials directly, which poses security risks. For more secure authentication, use role-based access control with Microsoft Entra ID. For more information, see role-based access control and Microsoft Entra ID authentication in Azure Cosmos DB for NoSQL.

Azure Cosmos DB for NoSQL allows you to assign roles to control access to your database resources. This article explains how to grant account reader access to users, groups, or service principals to ensure secure resource management.

Note

Role assignments require subscription owner permissions. Ensure you have the appropriate permissions before attempting to assign roles to your Azure Cosmos DB for NoSQL account.

Prerequisites

  • An existing Azure Cosmos DB for NoSQL account

  • Subscription owner permissions or sufficient access control permissions

Assign account reader role

To grant Azure Cosmos DB for NoSQL account reader access to a user, group, or service principal, you need to configure role assignments through Access control (IAM).

  1. Sign in to the Azure portal (https://portal.azure.cn).

  2. Navigate to your Azure Cosmos DB for NoSQL account.

  3. Select Access control (IAM) from the navigation menu.

  4. Select Add > Add role assignment to open the role assignment configuration.

  5. Configure the role assignment with the following settings:

    Setting           Value
    ----------------  ------------------------------------------------------
    Role              Cosmos DB Account Reader
    Assign access to  User, group, or service principal
    Members           The user, group, or application in your directory

  6. Select Review + assign to complete the role assignment.

The assigned entity can now read Azure Cosmos DB for NoSQL resources in your account.
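The same procedure scripted with the Azure CLI, as an added example that is not part of the original article: it assigns the built-in reader role at the scope of the account's own resource ID (rather than the resource group or subscription) and then checks that the assignment is visible. SUBSCRIPTION_ID, RESOURCE_GROUP, COSMOS_ACCOUNT and ASSIGNEE are placeholder environment variables you supply.

```shell
#!/bin/sh
# Added example (not from the original article): the Azure CLI equivalent of
# the portal procedure above, plus a post-assignment check. SUBSCRIPTION_ID,
# RESOURCE_GROUP, COSMOS_ACCOUNT and ASSIGNEE are placeholder environment
# variables you supply; az is only invoked when COSMOS_ACCOUNT is set.
set -eu

# Narrowest scope: the account's own resource ID. Assigning at resource-group
# or subscription scope would grant read access to everything beneath it.
cosmos_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.DocumentDB/databaseAccounts/%s' \
    "$1" "$2" "$3"
}

# JMESPath filter used to verify the assignment. The built-in role's full name
# is "Cosmos DB Account Reader Role"; the portal lists it as
# "Cosmos DB Account Reader".
reader_query() {
  printf "length([?roleDefinitionName=='%s'])" "Cosmos DB Account Reader Role"
}

# Grant the role to a user, group or service principal at account scope.
assign_reader() {  # $1 = assignee (object ID, UPN or app ID), $2 = scope
  az role assignment create --role "Cosmos DB Account Reader Role" \
    --assignee "$1" --scope "$2" -o none
}

# Count matching assignments for the assignee at that scope (expect >= 1).
count_reader_assignments() {
  az role assignment list --scope "$2" --assignee "$1" \
    --query "$(reader_query)" -o tsv
}

if command -v az >/dev/null 2>&1 && [ -n "${COSMOS_ACCOUNT:-}" ]; then
  # The article uses portal.azure.cn, so point the CLI at that cloud first:
  #   az cloud set --name AzureChinaCloud && az login
  scope=$(cosmos_scope "$SUBSCRIPTION_ID" "$RESOURCE_GROUP" "$COSMOS_ACCOUNT")
  assign_reader "$ASSIGNEE" "$scope"
  if [ "$(count_reader_assignments "$ASSIGNEE" "$scope")" -ge 1 ]; then
    echo "Cosmos DB Account Reader Role present for $ASSIGNEE at $scope"
  else
    echo "assignment not visible yet (propagation can take a few minutes)" >&2
  fi
fi
```

Running the script requires the subscription-owner (or equivalent Microsoft.Authorization/roleAssignments/write) permission noted above, just as the portal steps do.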