Какую роль мне нужна для создания нового контейнера в базе данных (с использованием кода) в Cosmosdb ⇐ C#

[Anonymous]

Запрос, заблокированный Auth (myuser): заданный запрос [post/dbs/user -privatedb/colls] не может быть авторизован токеном AAD в плоскости данных. (await _database.CreateContainerIfNotExistsAsync(id,partitionKeyPath);)
i и мое приложение имеет роли встроенного встроенного вкладного данных Cosmos DB, встроенный чтчик данных Cosmos DB и оператор Cosmos DB. и я попробовал это, и это не имело никакого значения.warn: Microsoft.AspNetCore.Components.Server.Circuits.RemoteRenderer[100]
Unhandled exception rendering component: Response status code does not indicate success: Forbidden (403); Substatus: 5300; ActivityId: [REDACTED];
Reason: {"code":"Forbidden","message":"Request blocked by Auth: The given request [POST /dbs//colls] cannot be authorized by AAD token in data plane. Learn more: https://aka.ms/cosmos-native-rbac."}

RequestUri: https://.documents.azure.com/dbs//colls
RequestMethod: POST
Header: Authorization Length: [REDACTED]
Header: User-Agent Length: [REDACTED]
Header: x-ms-activity-id Length: [REDACTED]
...
Microsoft.Azure.Cosmos.CosmosException: Response status code does not indicate success: Forbidden (403); Substatus: 5300;
Reason: {"code":"Forbidden","message":"Request blocked by Auth: The given request [POST /dbs//colls] cannot be authorized by AAD token in data plane."}
at Microsoft.Azure.Cosmos.GatewayStoreClient.ParseResponseAsync(HttpResponseMessage responseMessage, ...)
...

fail: Microsoft.AspNetCore.Components.Server.Circuits.CircuitHost[111]
Unhandled exception in circuit '[REDACTED-CIRCUIT-ID]'.
Microsoft.Azure.Cosmos.CosmosException : Response status code does not indicate success: Forbidden (403); Substatus: 5300; ActivityId: [REDACTED-ACTIVITY-ID];
Reason: {"code":"Forbidden","message":"Request blocked by Auth: The given request [POST /dbs//colls] cannot be authorized by AAD token in data plane. Learn more: https://aka.ms/cosmos-native-rbac."}

RequestUri: https://.documents.azure.com/dbs//colls
RequestMethod: POST
Header: Authorization Length: [REDACTED]
Header: User-Agent Length: [REDACTED]
Header: x-ms-activity-id Length: [REDACTED]
...

Microsoft.Azure.Cosmos.CosmosException: Response status code does not indicate success: Forbidden (403); Substatus: 5300;
Reason: {"code":"Forbidden","message":"Request blocked by Auth: The given request [POST /dbs//colls] cannot be authorized by AAD token in data plane."}
at Microsoft.Azure.Cosmos.GatewayStoreClient.ParseResponseAsync(HttpResponseMessage responseMessage, ...)
...
< /code>
Используется код, если он помогает (клиент использует DefaulataRecredential): < /p>
public class DbQueriesHandler
{
private readonly Database _database;
private readonly Container _userContainer;

public DbQueriesHandler(CosmosClient client, string databaseId, string containerId)
{
_database = client.GetDatabase(databaseId1);
_userContainer = client.GetContainer(databaseId2, containerId);
}
public async Task CreateNewContainerAsync(string containerId, string partitionKeyPath, string[] permittedUsers)
{
await AddPermittedUsersAsync(containerId, permittedUsers);
await _database.CreateContainerIfNotExistsAsync(containerId, partitionKeyPath);
}

private async Task AddPermittedUsersAsync(string containerId, string[] permittedUsers)
{
const string sqlQuery = "SELECT * FROM c WHERE ARRAY_CONTAINS(@Emails, c.Email)";

var queryDefinition = new QueryDefinition(sqlQuery)
.WithParameter("@Emails", permittedUsers);

var resultSet = _userContainer.GetItemQueryIterator(queryDefinition);

while (resultSet.HasMoreResults)
{
var response = await resultSet.ReadNextAsync();

foreach (var user in response)
{
var accessibleDbs = user.AccessibleDbs.ToList();
accessibleDbs.Add(containerId);
user.AccessibleDbs = accessibleDbs.ToArray();
await _userContainer.ReplaceItemAsync(user, user.id);
}
}
}
}


Подробнее здесь: https://stackoverflow.com/questions/793 ... de-in-cosm