Azure Cosmos DB for Table data plane built-in roles reference (preview)

02/13/2025
Applies to: ✅ Table

Diagram of the current location ('Reference') in the sequence of the deployment guide.

Azure Cosmos DB for Table includes built-in data plane roles within its native role-based access control implementation. This article includes a list of those roles and descriptions on what permissions are granted for each role.

Built-in data plane roles

Azure Cosmos DB for Table defines data plane-specific role definitions. These roles are distinct from Azure role-based access control role definitions.

Cosmos DB Built-in Data Reader

ID: 00000000-0000-0000-0000-000000000001

Included actions
- Microsoft.DocumentDB/databaseAccounts/readMetadata
- Microsoft.DocumentDB/databaseAccounts/tables/containers/entities/read

Cosmos DB Built-in Data Contributor

ID: 00000000-0000-0000-0000-000000000002

Included actions
- Microsoft.DocumentDB/databaseAccounts/readMetadata
- Microsoft.DocumentDB/databaseAccounts/tables/*
- Microsoft.DocumentDB/databaseAccounts/tables/containers/entities/*

Data plane actions

Azure Cosmos DB for Table data plane built-in roles reference (preview)

Built-in data plane roles

Cosmos DB Built-in Data Reader

Cosmos DB Built-in Data Contributor

Related content

Additional resources