More fine-grained permissions
I'd love to see more fine-grained permissions. In particular, an 'Edit' permission would be extremely helpful. The user with an Edit permission would be able to change any of the data for the resource except the ID, and would not be able to delete the document.
Use case: Provide users with direct but limited access to the DocumentDB database, rather than having to route all their requests through my own API.
This feature is now available in public preview.
Please visit https://docs.microsoft.com/azure/cosmos-db/how-to-setup-rbac for more information.
Yes, on our Control Plane we are adding a number of improvements that should be coming out over the next few months which should provide this level of control.
Daniel Moerland commented
Just to add a little more color here. I would like to see the following if possible:
1. Delete Resource - User can delete the resource or not
2. Manage Permission - Ability to add new user permissions to the resource (may be left to only admin which is cool)
3. Update Resource - Can update the resource
4. Add Resource - Can create a sub-resource in the hierarchy
5. Read Permissions (already have this)
6. Full Control (I think this already exists) - Can do all of the above
I'm sure you have already thought of this, but wanted to expand on the above.
Seongeun Kim commented
As far as I know, there are just 2 roles, "Reader" and "Contributor".
But this is not enough in my use-case.
I want to create and assign a custom role that has the permissions [Read Collection], [Read Document], [Delete Document].
And I want to use the Azure Portal to perform the operations [Read Collection], [Read Document], [Delete Document].