jurjen.ladenius/Cloud-20Engineering
1
0
Fork 0
mirror of https://dev.azure.com/effectory/Survey%20Software/_git/Cloud%20Engineering synced 2026-02-27 18:52:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Dynamic dates

Browse Source
This commit is contained in:
Jurjen Ladenius
2023-10-26 11:37:50 +02:00
parent bc24e238d6
commit 54d5dfee16
4 changed files with 24 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
Powershell/Tools/Azure Custom Roles.ps1
View File

@@ -14,33 +14,29 @@ New-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Re
#https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac#built-in-role-definitions
set-azcontext -SubscriptionId 2161debe-6042-4633-b10e-de77c06cabc6
# jimmy.van.den.berg@effectory.com "99dbd99f-9165-46a3-94d7-d8467121f0d1"
$resourceGroupName = "phasedrelease"
$accountName = "phasedrelease"
$subscriptionId = "2161debe-6042-4633-b10e-de77c06cabc6" ; $resourceGroupName = "phasedrelease"; $accountName = "phasedrelease"; $principalIdReader = "b0773fcc-378b-415a-9f33-b5c2d51b37f6"; $principalIdWriter = "c9c9389d-02df-40ab-b939-3e26736c6a87"
New-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName -Type CustomRole -RoleName "Cosmos Data Reader" `
-DataAction @( `
'Microsoft.DocumentDB/databaseAccounts/readMetadata',
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read', `
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery', `
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed') `
-AssignableScope "/"
$subscriptionId = "3190b0fd-4a66-4636-a204-5b9f18be78a6" ; $resourceGroupName = "authorization"; $accountName = "authorizationeff"; $principalIdReader = "bd8fb398-a065-46f9-a486-1178dce979c3"; $principalIdWriter = "69bea414-ff10-40de-87c3-65b1903e9b68"
$subscriptionId = "86945e42-fa5a-4bbc-948f-3f5407f15d3e" ; $resourceGroupName = "hierarchy"; $accountName = "hierarchyeff"; $principalIdReader = "dd576450-b564-4659-ac00-163036bf1dff"; $principalIdWriter = "591b32ff-33b8-4839-bf35-58ec262b014f"
New-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName -Type CustomRole -RoleName "Cosmos Data Contributor" `
-DataAction @( `
'Microsoft.DocumentDB/databaseAccounts/readMetadata',
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*', `
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*') `
-AssignableScope "/"
$subscriptionId = "70cae949-5013-4c40-b718-911dbf9b9a80" ; $resourceGroupName = "participantcore"; $accountName = "participantcore"; $principalIdReader = "a7f7f051-90ad-4419-b040-2868c0e6bbff"; $principalIdWriter = "0bbbf6d4-bdf4-450a-bcc7-4024451558e5"
$subscriptionId = "f9ab522b-4895-492d-b8a8-ca6e1f60c2a8" ; $resourceGroupName = "participant-exchange"; $accountName = "participantexchange"; $principalIdReader = "3b3ebcdf-04b6-4cf8-a237-425cc3952770"; $principalIdWriter = "6c38e6fb-4190-45bc-a347-b132afb47cba"
Get-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName
$subscriptionId = "7feeb150-9ee0-4aea-992a-5f3a89d933e6" ; $resourceGroupName = "results-calculation"; $accountName = "results-calculation"; $principalIdReader = "645b069a-c367-4e0e-9dac-38595663acab"; $principalIdWriter = "fa86c1a4-570c-4f00-8960-1a17eb23d613"
$principalId = "99dbd99f-9165-46a3-94d7-d8467121f0d1" # jimmy.van.den.berg@effectory.com
New-AzCosmosDBSqlRoleAssignment -AccountName $accountName -PrincipalId $principalId -ResourceGroupName $resourceGroupName -RoleDefinitionName "Cosmos Data Contributor" -Scope "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6/resourceGroups/phasedrelease/providers/Microsoft.DocumentDB/databaseAccounts/phasedrelease"
$subscriptionId = "7feeb150-9ee0-4aea-992a-5f3a89d933e6" ; $resourceGroupName = "results-calculation"; $accountName = "results-calculation-stage"; $principalIdReader = "645b069a-c367-4e0e-9dac-38595663acab"; $principalIdWriter = "fa86c1a4-570c-4f00-8960-1a17eb23d613"
Get-AzCosmosDBSqlRoleAssignment -AccountName $accountName -ResourceGroupName $resourceGroupName
set-azcontext -SubscriptionId $subscriptionId
Remove-AzCosmosDBSqlRoleAssignment -AccountName $accountName -Id "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6/resourceGroups/phasedrelease/providers/Microsoft.DocumentDB/databaseAccounts/phasedrelease/sqlRoleAssignments/cbc3170d-f815-4164-9044-eb9913eb909a" -ResourceGroupName $resourceGroupName
New-AzCosmosDBSqlRoleAssignment -AccountName $accountName -PrincipalId $principalIdReader -ResourceGroupName $resourceGroupName -RoleDefinitionName "Cosmos DB Built-in Data Reader" `
-Scope "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/$accountName"
New-AzCosmosDBSqlRoleAssignment -AccountName $accountName -PrincipalId $principalIdWriter -ResourceGroupName $resourceGroupName -RoleDefinitionName "Cosmos DB Built-in Data Contributor" `
-Scope "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/$accountName"
#Get-AzCosmosDBSqlRoleAssignment -AccountName $accountName -ResourceGroupName $resourceGroupName
# Remove-AzCosmosDBSqlRoleAssignment -AccountName $accountName -Id "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6/resourceGroups/phasedrelease/providers/Microsoft.DocumentDB/databaseAccounts/phasedrelease/sqlRoleAssignments/0991d31e-323d-4312-b328-92d75cbe0166" -ResourceGroupName $resourceGroupName