Data Access, Keys, and RBAC

Learn what RBAC is and how to use it in Cosmos DB.

Access keys

The primary authentication method in Cosmos DB is the use of access keys. For each account, we can use four different keys:

  • Two read-only keys

  • Two read-write keys

Each key can be regenerated individually, and it’s good practice to rotate them regularly. Running the az cosmosdb keys list command returns something like the following:

{
"primaryMasterKey": "QPkOYwp8h8rv55oDeqxly7FICZqq6OX5JS5hoWMiXV0F5lLeNCSQH63LpELI11IrvzyjNFAfVzV76eKoeLYLBQ==",
"primaryReadonlyMasterKey": "Gq23jLcZrjLPyPiGLR9NQXO7p25U7vjmdzjpHlWxdbIbWIgXYAy8HczUloM3Lym3RHvksXtjWjHaWxjtv90Hvw==",
"secondaryMasterKey": "7PZPFOWgutAskhx82JxM3vn8XOKwyHAiBgqDbsgEWBNHtWUfSCPjEgqDlt7MeU3glaMNtY5bIAKEpT9at5KgUg==",
"secondaryReadonlyMasterKey": "mKtyPzkzFdcOkp5dFfwlOWOgZK9vrW2yRLJLvgX6QkSEcWGhz50CV3idqvtuuQj6nIPy0icAMICeqqYNvmX7OA=="
}

Keys are simple to use and highly effective. However, they have some flaws:

  • We need to trust people with keys.

  • We need to trust processes with keys.

  • They are hard to rotate safely unless the rotation is planned properly.

  • We can’t grant fine-grained access to specific resources:

    • The only choice is read-only or read-write.

    • Every key gives access to all databases and containers in the account.
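The rotation advice above is easy to get wrong: regenerating the key your clients are currently using cuts them off. The following added helper (not part of this lesson or the Azure CLI) always regenerates the idle slot first, assuming az is installed and logged in; the account name, resource group and slot names are parameters you supply.

```shell
#!/bin/sh
# Added helper, not part of the original lesson: rotate the Cosmos DB key slot
# that clients are NOT using, so regenerating never cuts off a running client.
# Assumes the Azure CLI ("az") is installed and logged in.
set -eu

# Given the slot clients use today ("primary" or "secondary") and the key kind
# ("readwrite" or "readonly"), return the --key-kind value for the idle slot.
idle_key_kind() {
  active="$1"; kind="${2:-readwrite}"
  case "$active" in
    primary)   idle=secondary ;;
    secondary) idle=primary ;;
    *) echo "active slot must be primary|secondary, got '$active'" >&2; return 2 ;;
  esac
  case "$kind" in
    readwrite) echo "$idle" ;;
    readonly)  echo "${idle}Readonly" ;;
    *) echo "kind must be readwrite|readonly, got '$kind'" >&2; return 2 ;;
  esac
}

# Usage: rotate_idle_key <account> <resource-group> <active-slot> [readwrite|readonly]
# Prints only the freshly generated key, so it can be piped into a secret store
# (e.g. az keyvault secret set) instead of landing in logs. Rotate the other
# slot later, after clients have been moved onto this new key.
rotate_idle_key() {
  account="$1"; rg="$2"; active="$3"; kind="${4:-readwrite}"
  keykind=$(idle_key_kind "$active" "$kind") || return $?
  # Step 1: regenerate the idle slot; clients on "$active" keep working.
  az cosmosdb keys regenerate --name "$account" --resource-group "$rg" \
    --key-kind "$keykind" >/dev/null
  # Step 2: fetch just that one key. The JSON field names match the output of
  # "az cosmosdb keys list": primaryMasterKey, secondaryReadonlyMasterKey, ...
  az cosmosdb keys list --name "$account" --resource-group "$rg" \
    --query "${keykind}MasterKey" -o tsv
}
```

Run it once per slot: move clients to the new key, then call it again with the other slot as the active one.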

What is RBAC?

RBAC stands for role-based access control, a way to authorize users or services based on their role. It is commonly used in organizations to manage access to complex infrastructures easily.

Azure fully supports RBAC in its cloud. Roles can be assigned to the following:

  • Users

  • Groups

  • Service principals

  • Managed instances

For example, we can say: ...