![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 89%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Azure Cosmos DB
An Azure NoSQL database service for app development.
1,514 questions
@Alex Thanks for posting your question on Microsoft Q&A forum.
Metadata read/write permissions in Azure Cosmos DB allow users to access and modify metadata, such as schema, indexing policies, and configuration settings. These permissions are crucial for managing resources like databases and containers via the Azure portal.
To grant or restrict these permissions, use Azure role-based access control (RBAC). This involves assigning roles to users, groups, or identities with permissions defined in a JSON file.
https://video2.skills-academy.com/en-us/azure/cosmos-db/role-based-access-control
Custom roles in Azure Cosmos DB allow you to define a set of permissions to the specific needs of your users or service principals. These roles enable fine-grained access control to your Cosmos DB resources, ensuring that users have only the permissions they need to perform their tasks.
To assign read/write permissions to a user, you need to assign a special, hidden role that exists in the system. Specifically, it's the roles 00000000-0000-0000-0000-000000000001 for read and 00000000-0000-0000-0000-000000000002 for read+write.
https://video2.skills-academy.com/en-us/azure/cosmos-db/how-to-setup-rbac#metadata-requests
Regards
Geetha