Describe the bug
Apologies if this is the wrong area to log an issue. We have been observing an error when assigning the Cosmos DB Built-in Data Contributor role to a function app for the first time via a bicep template.
The error reports DeploymentFailed, but using Azure CLI we can see that the Data Contributor role has been successfully applied.
ERROR: {"status":"Failed","error":{"code":"DeploymentFailed","target":"{redacted}/azuredeploy-cosmosdb-role-assign","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"AuthorizationFailed","message":"The client '{redacted}' with object id '{redacted}' does not have authorization to perform action 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/operationResults/read' over scope '/subscriptions/{redacted}/resourcegroups/{redacted}/providers/Microsoft.DocumentDB/databaseAccounts/{redacted}/sqlRoleAssignments/{redacted}/operationResults/{redacted}' or the scope is invalid. If access was recently granted, please refresh your credentials."}]}}
When looking at the actions that the principal is required to perform, Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/operationResults/read is missing. So, my guess is that although we had permissions to apply the role, we did not have the permission to read the result i.e. operationResults/read?
Has this recently been introduced? No one on our team can recall issues like this in the past when we have attempted to apply the Data Reader or Data Contributor role in the past.
Also, if you have any documentation that mentions these permissions that you can point me to, it would be most appreciated.
Thanks
To Reproduce
Using Bicep, assign the Cosmos DB Built-in Data Contributor role to a function app.
Expected behavior
The role is applied successfully without error.
Actual behavior
An error message (provided above) is returned, halting deployment. However, the role is successfully applied.
We just reviewed our Slack history and we had observed this issue back in July of 2023, but it was masked with another issue that has since been resolved.
Environment summary
Azure DevOps Pipeline
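A way to turn the deployment error quoted in this report into a list of actions the deploying principal's role does not cover, as an added example that is not part of the original issue or of any Azure tooling. It assumes Azure RBAC evaluation as Actions minus NotActions with `*` wildcards; `SAMPLE_ROLE_ACTIONS` is a constructed, hypothetical custom role, not the reporter's actual role.

```python
import json
import re

# Error text as posted in the report (values were already redacted there).
ARM_ERROR = r'''ERROR: {"status":"Failed","error":{"code":"DeploymentFailed","target":"{redacted}/azuredeploy-cosmosdb-role-assign","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"AuthorizationFailed","message":"The client '{redacted}' with object id '{redacted}' does not have authorization to perform action 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/operationResults/read' over scope '/subscriptions/{redacted}/resourcegroups/{redacted}/providers/Microsoft.DocumentDB/databaseAccounts/{redacted}/sqlRoleAssignments/{redacted}/operationResults/{redacted}' or the scope is invalid. If access was recently granted, please refresh your credentials."}]}}'''

DENIED = re.compile(r"perform action '([^']+)' over scope '([^']+)'")


def denied_operations(cli_output):
    """Return (action, scope) pairs from AuthorizationFailed details."""
    # The CLI prefixes the JSON body with "ERROR: "; parse from the first brace.
    body = json.loads(cli_output[cli_output.index("{"):])
    found = []
    for detail in body["error"].get("details", []):
        if detail.get("code") == "AuthorizationFailed":
            found.extend(DENIED.findall(detail.get("message", "")))
    return found


def _matches(pattern, action):
    # Role action patterns may contain '*'; compare case-insensitively.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def is_allowed(action, actions, not_actions=()):
    """Effective if some Actions entry matches and no NotActions entry does."""
    return (any(_matches(p, action) for p in actions)
            and not any(_matches(p, action) for p in not_actions))


def missing_actions(cli_output, actions, not_actions=()):
    """Denied actions from the error that the given role does not grant."""
    return sorted({a for a, _ in denied_operations(cli_output)
                   if not is_allowed(a, actions, not_actions)})


# Constructed sample: a hypothetical custom role for the deployment principal.
SAMPLE_ROLE_ACTIONS = [
    "Microsoft.Resources/deployments/*",
    "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write",
    "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/read",
]

if __name__ == "__main__":
    for action in missing_actions(ARM_ERROR, SAMPLE_ROLE_ACTIONS):
        print("not granted:", action)
```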