I am using the below commands to get the role definition details
az role definition list --name "Storage Blob Data Owner"
Or
az role definition list --name "b7e6dc6d-f1e8-4753-8033-0f276bb0955b"
And it is working fine however for other roles like readerRoleId 00000000-0000-0000-0000-000000000001 it does not work and returns empty.
What command should I use instead?
I am using the below commands to get the role definition details
az role definition list --name "Storage Blob Data Owner"
Or
az role definition list --name "b7e6dc6d-f1e8-4753-8033-0f276bb0955b"
And it is working fine however for other roles like readerRoleId 00000000-0000-0000-0000-000000000001 it does not work and returns empty.
What command should I use instead?
Share Improve this question asked Mar 14 at 18:12 JimmyJimmy 317 bronze badges 3 |1 Answer
Reset to default 1Note that 00000000-0000-0000-0000-000000000001 is role ID for Cosmos DB Built-in Data Reader Role. It is not a standard Azure RBAC role, so it cannot be retrieved using the az role definition list command.
Initially, I too got blank results when I run below Azure CLI command:
az role definition list --name "00000000-0000-0000-0000-000000000001"
Response:
To retrieve the role definition for a Cosmos DB SQL role, use this Azure CLI command:
az cosmosdb sql role definition show --account-name cosmosdbname --resource-group rgname --id "00000000-0000-0000-0000-000000000001"
Response:
Reference:
Use data plane role-based access control - Azure Cosmos DB for NoSQL | Microsoft
az role definition list, then Cosmos DB roles withaz cosmosdb sql role definition show. – Sridevi Commented Mar 17 at 3:03