- AZ CLI
- Azure Cosmos DB Name
$accountName - Azure Cosmos DB Resource Group
$resourceGroupName - Principal Id (account id that needs access)
$principalId- obtained via az cli
- Custom role definition id
$roleDefinitionId- Obtained via az cli after creating the custom role
These instructions are tailored for using PowerShell but you can adjust them to work with whatever you prefer I am sure. The purpose is to grant read/write access to an account to the Azure Cosmos DB. This was done so I could read/write data using the EF Core Cosmos Provider. Without this RBAC the InteractiveBrowserCredential would not work and my owner account would still receive 403: Forbidden errors.