Request you to please add data masking feature to Azure CosmodDB to protect sensitive data like always encryption feature in SQL Server which allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the Database Engine ( SQL Database or SQL Server). As a result, Always Encrypted provides a separation between those who own the data (and can view it) and those who manage the data (but should have no access)51 votes
Work on this feature is now on our roadmap. Will update here when this work starts or becomes publicly available.
Can we include a short text description for each white listed ip in the cosmos firewall settings - similar to azure sql server white listed ip settings
It would make auditing so much easier, currently we have to maintain a seperate document showing which IP corresponds to what37 votes
Thank you while we reviewed this feature.
At this time we will add this to our backlog. Our intention is to implement this feature but is not currently on our current committed work items.
We will revisit this in upcoming planning cycles and update when this moves into our current semester road map.
I'd love to see more fine-grained permissions. In particular, an 'Edit' permission would be extremely helpful. The user with an Edit permission would be able to change any of the data for the resource except the ID, and would not be able to delete the document.
Use case: Provide users with direct but limited access to the DocumentDB database, rather than having to route all their requests through my own API.10 votes
Work on this items has not progressed. After reviewing this we need to revert this back to under-review.
This work is planned but is more long-term road map.
Thank you for your patience.
Allow a set of keys for read-write or read-only that are restricted to the Collection level or the DB level. Enable multiple applications to have different levels of permission to a single Cosmos DB.9 votes
We plan to introduce long-lived tokens for Azure Cosmos DB accounts to address this scenario. Please email email@example.com for questions, or if you would like to learn about alternate approaches to solve this scenario.
We are using Cosmos DB with Mongo API .We are unable to restrict the user to collection or database level. The only option available is read write keys and read only keys which works on the DB account level.7 votes
We are reviewing this and will update as this status changes.
Add operations to read, write and delete of firewall rule for Cosmos DB.
I could find some other services like SQL, MariaDB and PostgreSQL are having those kinds of operations,
so I was wondering why Cosmos DB doesn’t.1 vote
Thanks for your suggestion. This is not currently on our road map. Will keep on backlog and revisit in future planning cycles.
- Don't see your idea?