What role is required to create a new container in a CosmosDB database (using code)

Question description Votes: 0 Answers: 1

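Request blocked by Auth (myuser): The given request [POST /dbs/UserPrivateDB/colls] cannot be authorized by AAD token in data plane.

The above is the error I receive when I try to programmatically create a new container in the database. (

await _database.CreateContainerIfNotExistsAsync(id,partitionKeyPath);
)

My application and I have the Cosmos DB Built-in Data Contributor, Cosmos DB Built-in Data Reader, and Cosmos DB Operator roles.

The same question was asked here: What permissions/role does my account need to create a new container in cosmos db? I tried it, but it made no difference.

If it helps, here is the full (redacted) error: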

warn: Microsoft.AspNetCore.Components.Server.Circuits.RemoteRenderer[100]
      Unhandled exception rendering component: Response status code does not indicate success: Forbidden (403); Substatus: 5300; ActivityId: [REDACTED]; 
      Reason: {"code":"Forbidden","message":"Request blocked by Auth: The given request [POST /dbs/<DATABASE>/colls] cannot be authorized by AAD token in data plane. Learn more: https://aka.ms/cosmos-native-rbac."}

RequestUri: https://<COSMOS_ACCOUNT>.documents.azure.com/dbs/<DATABASE>/colls
RequestMethod: POST
Header: Authorization Length: [REDACTED]
Header: User-Agent Length: [REDACTED]
Header: x-ms-activity-id Length: [REDACTED]
...
Microsoft.Azure.Cosmos.CosmosException: Response status code does not indicate success: Forbidden (403); Substatus: 5300; 
    Reason: {"code":"Forbidden","message":"Request blocked by Auth: The given request [POST /dbs/<DATABASE>/colls] cannot be authorized by AAD token in data plane."}
    at Microsoft.Azure.Cosmos.GatewayStoreClient.ParseResponseAsync(HttpResponseMessage responseMessage, ...)
    ...

fail: Microsoft.AspNetCore.Components.Server.Circuits.CircuitHost[111]
      Unhandled exception in circuit '[REDACTED-CIRCUIT-ID]'.
      Microsoft.Azure.Cosmos.CosmosException : Response status code does not indicate success: Forbidden (403); Substatus: 5300; ActivityId: [REDACTED-ACTIVITY-ID]; 
      Reason: {"code":"Forbidden","message":"Request blocked by Auth: The given request [POST /dbs/<DATABASE>/colls] cannot be authorized by AAD token in data plane. Learn more: https://aka.ms/cosmos-native-rbac."}

RequestUri: https://<COSMOS_ACCOUNT>.documents.azure.com/dbs/<DATABASE>/colls
RequestMethod: POST
Header: Authorization Length: [REDACTED]
Header: User-Agent Length: [REDACTED]
Header: x-ms-activity-id Length: [REDACTED]
...

Microsoft.Azure.Cosmos.CosmosException: Response status code does not indicate success: Forbidden (403); Substatus: 5300; 
    Reason: {"code":"Forbidden","message":"Request blocked by Auth: The given request [POST /dbs/<DATABASE>/colls] cannot be authorized by AAD token in data plane."}
    at Microsoft.Azure.Cosmos.GatewayStoreClient.ParseResponseAsync(HttpResponseMessage responseMessage, ...)
    ...
c# azure azure-cosmosdb azure-cosmosdb-sqlapi
1 answer
0
votes

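The identity (service principal/managed identity) used in this request does not have the permissions. You need to create a role and assign it to the identity.

You can see the step-by-step instructions here.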
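Creating a container is a management (control-plane) operation, which Cosmos DB data-plane role assignments do not cover when the client authenticates with a Microsoft Entra token. The following is an added example, not code from the question or the answer, that creates the container through Azure Resource Manager with the Azure.ResourceManager.CosmosDB package; the class name and all parameter values are assumptions supplied by the caller.

```csharp
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.CosmosDB;
using Azure.ResourceManager.CosmosDB.Models;

// Hypothetical helper (name chosen for this example).
public static class ContainerProvisioner
{
    public static async Task<string> CreateContainerIfNotExistsAsync(
        string subscriptionId, string resourceGroup, string accountName,
        string databaseName, string containerName, string partitionKeyPath,
        AzureLocation location)
    {
        // Same Entra identity as the app, but the token is requested for
        // Azure Resource Manager instead of the Cosmos DB data plane.
        var arm = new ArmClient(new DefaultAzureCredential());

        ResourceIdentifier databaseId = CosmosDBSqlDatabaseResource.CreateResourceIdentifier(
            subscriptionId, resourceGroup, accountName, databaseName);
        CosmosDBSqlContainerCollection containers =
            arm.GetCosmosDBSqlDatabaseResource(databaseId).GetCosmosDBSqlContainers();

        // Mirror the "IfNotExists" behaviour of the data-plane SDK call.
        if ((await containers.ExistsAsync(containerName)).Value)
            return containerName;

        var content = new CosmosDBSqlContainerCreateOrUpdateContent(
            location,
            new CosmosDBSqlContainerResourceInfo(containerName)
            {
                PartitionKey = new CosmosDBContainerPartitionKey
                {
                    Paths = { partitionKeyPath },
                    Kind = CosmosDBPartitionKind.Hash,
                },
            });

        // Waits for the ARM long-running operation to finish before returning.
        ArmOperation<CosmosDBSqlContainerResource> operation =
            await containers.CreateOrUpdateAsync(WaitUntil.Completed, containerName, content);
        return operation.Value.Data.Name;
    }
}
```

The calling identity needs an Azure RBAC role that allows `Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/write`. Granting that to a separate provisioning identity keeps the running application limited to its data-plane roles.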