List Permissions of a user in CosmosDB using SDK

Question

I am trying to do a POC on List Permissions of a local user in CosmosDB.

I am referring to this Doc for List permissions.

Can someone give me a sample code to run below REST API (using primary Key)

https://mynosqlaccount.documents.azure.com/dbs/MyDatabaseID/users/VinnyG/permissions

I am trying to use below sample code but it continuously fails no matter what i try. Can someone correct me what I am missing?

string AccessToken = GenerateMasterKeyAuthorizationSignature(HttpMethod.Get, ResourceType.RegistryKey, "dbs", "Fri, 30 Dec 2022 22:08:00 GMT", "MyPrimaryKey from Cosmos DB Account");

var httpClient = new HttpClient
  {
      BaseAddress = new Uri("https://my-nosql-account.documents.azure.com/")
  };
string endpointUrl = "dbs/CosmosDBSql1/users/VinnyG/permissions";
var request = new HttpRequestMessage(HttpMethod.Get, endpointUrl);
request.Headers.Add("authorization", AccessToken);
request.Headers.Add("x-ms-version", "2018-09-17");
request.Headers.Add("x-ms-date", "Fri, 30 Dec 2022 22:08:00 GMT");
var response = await httpClient.SendAsync(request);
var responseContent = await response.Content.ReadAsStringAsync();

Error Message:

"code":"Unauthorized","message":"The input authorization token can't serve the request. The wrong key is being used or the expected payload is not built as per the protocol. For more info: https://aka.ms/cosmosdb-tsg-unauthorized. Server used the following payload to sign: 'get\npermissions\ndbs/CosmosDBSql1/users/VinnyG\nfri, 30 dec 2022 22:08:00 gmt\n\n'\r\n

score 0 · Answer 1 · answered Jan 01 '23 at 03:47

0

That API call is for permissions granted to users who login using resource tokens, not the newer RBAC permissions. To access those permissions you need to call the Cosmos resource provider for GET SQL Role Assignments

answered Jan 01 '23 at 03:47

Mark Brown

8,113
2
17
21

List Permissions of a user in CosmosDB using SDK

1 Answers1