How to create a custom role for secondary user in CosmosDB for MongoDB vCore

Question

How to create a custom role for secondary user in CosmosDB for MongoDB vCore

Nagarjun kondapalli 0

I am trying to create a custom role that grants readWrite access to database. I am doing it to assign read write permissions to a specific database. The inbuilt role readWriteAnyDatabase grants read write access to all the database so I can not use this. I tried running the below command, but it seems like this command does not work for MongoDB vCore resource. I am looking for an option to create a custom role.

az cosmosdb mongodb role definition create \

--resource-group "NRK" \

--account-name "nrkmongocluster" \

--body '{

    "Id": "test.My_Read_Only_Role101",

    "RoleName": "My_Read_Only_Role101",

    "Type": "CustomRole",

    "DatabaseName": "test",

    "Privileges": [

        {

            "Resource": {

                "Db": "test",

                "Collection": "test"

            },

            "Actions": ["insert", "find"]

        }

    ],

    "Roles": []

}'

Abhisek Mishra 1,020 Reputation points Microsoft External Staff Moderator

2025-09-12T05:18:23.7933333+00:00

Hi Nagarjun kondapalli

I hope you had a chance to review the information shared earlier, and I hope this information has been helpful!

Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered.
Abhisek Mishra 1,020 Reputation points Microsoft External Staff Moderator

2025-09-16T05:50:03.52+00:00

Hi Nagarjun kondapalli

I hope you had a chance to review the information shared earlier, and I hope this information has been helpful!

If you still have questions, please let us know what is needed in the comments so the question can be answered.
Akunuri, Vithal 20 Reputation points

2025-11-19T14:42:40.3166667+00:00

Hi @Abhishek mishra

db.createRole() command is also not working as we are looking for the solution described in this question.

Can you please share the process and steps to define custom roles scoped to a specific database?

Thanks,

Vithal

1 answer

Your answer

Abhisek Mishra 1,020 Reputation points Microsoft External Staff Moderator

2025-09-12T05:18:23.7933333+00:00

Hi Nagarjun kondapalli

I hope you had a chance to review the information shared earlier, and I hope this information has been helpful!

Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered.
Abhisek Mishra 1,020 Reputation points Microsoft External Staff Moderator

2025-09-16T05:50:03.52+00:00

Hi Nagarjun kondapalli

I hope you had a chance to review the information shared earlier, and I hope this information has been helpful!

If you still have questions, please let us know what is needed in the comments so the question can be answered.
Akunuri, Vithal 20 Reputation points

2025-11-19T14:42:40.3166667+00:00

Hi @Abhishek mishra

db.createRole() command is also not working as we are looking for the solution described in this question.

Can you please share the process and steps to define custom roles scoped to a specific database?

Thanks,

Vithal

Answer 1

Hi there Nagarjun kondapalli

I think cosmos DB for MongoDB vCore currently doesn’t support creating custom roles through the Azure CLI — that feature is only available in the NoSQL API. In vCore, role management is handled natively by the MongoDB engine, so you’ll need to connect directly to the cluster and use MongoDB commands like db.createRole() to define custom roles scoped to a specific database. The CLI command you tried works for the API for MongoDB (serverless/provisioned throughput), not for vCore. So the path forward is to create roles directly inside MongoDB shell or driver.

If this helps kindly accept the answer thanks much.

Share via

How to create a custom role for secondary user in CosmosDB for MongoDB vCore

1 answer

Your answer