Azure Cosmos DB for Table data plane built-in roles reference (preview)
Diagram of the sequence of the deployment guide including these locations, in order: Overview, Concepts, Prepare, Role-based access control, Network, and Reference. The 'Reference' location is currently highlighted.
Azure Cosmos DB for Table includes built-in data plane roles within its native role-based access control implementation. This article includes a list of those roles and descriptions on what permissions are granted for each role.
Built-in data plane roles
Azure Cosmos DB for Table defines data plane-specific role definitions. These roles are distinct from Azure role-based access control role definitions.
Cosmos DB Built-in Data Reader
ID: 00000000-0000-0000-0000-000000000001
- Included actions
Microsoft.DocumentDB/databaseAccounts/readMetadataMicrosoft.DocumentDB/databaseAccounts/tables/containers/entities/read
Cosmos DB Built-in Data Contributor
ID: 00000000-0000-0000-0000-000000000002
- Included actions
Microsoft.DocumentDB/databaseAccounts/readMetadataMicrosoft.DocumentDB/databaseAccounts/tables/*Microsoft.DocumentDB/databaseAccounts/tables/containers/entities/*