Azure sql auditing scripts and new cosmos role for _pim_cosmos_ users #98329 #98330 #98328 #98681

Custom roles/Cosmos DB List Keys.json

@@ -0,0 +1,22 @@
+{
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/01032560-a033-4a7e-977d-c360b71b9217",
+  "properties": {
+      "roleName": "Cosmos DB List Keys",
+      "description": "Lets you list keys for Azure Cosmos DB accounts. Used for PIM cosmos roles.",
+      "assignableScopes": [
+          "/providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09"
+      ],
+      "permissions": [
+          {
+              "actions": [
+                  "Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
+                  "Microsoft.DocumentDB/databaseAccounts/listKeys/*",
+                  "Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*"
+              ],
+              "notActions": [],
+              "dataActions": [],
+              "notDataActions": []
+          }
+      ]
+  }
+}