#Get-AzRoleDefinition 'Storage Data Contributor' | ConvertTo-Json 


$fileName =  "c:\temp\subscriptions.csv" 
Get-AzSubscription | Export-Csv -Path $fileName -NoTypeInformation



Set-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Storage Data Contributor.json'
Set-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Storage Data Reader.json'
New-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Resource Lock Administrator.json'




#https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac#built-in-role-definitions
set-azcontext -SubscriptionId 2161debe-6042-4633-b10e-de77c06cabc6

$resourceGroupName = "phasedrelease"
$accountName = "phasedrelease"

New-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName -Type CustomRole -RoleName "Cosmos Data Reader" `
    -DataAction @( `
        'Microsoft.DocumentDB/databaseAccounts/readMetadata',
        'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read', `
        'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery', `
        'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed') `
    -AssignableScope "/"


New-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName -Type CustomRole -RoleName "Cosmos Data Contributor" `
    -DataAction @( `
        'Microsoft.DocumentDB/databaseAccounts/readMetadata',
        'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*', `
        'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*') `
    -AssignableScope "/"


Get-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName

$principalId = "99dbd99f-9165-46a3-94d7-d8467121f0d1" # jimmy.van.den.berg@effectory.com
New-AzCosmosDBSqlRoleAssignment -AccountName $accountName -PrincipalId $principalId -ResourceGroupName $resourceGroupName -RoleDefinitionName "Cosmos Data Contributor" -Scope "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6/resourceGroups/phasedrelease/providers/Microsoft.DocumentDB/databaseAccounts/phasedrelease"

Get-AzCosmosDBSqlRoleAssignment -AccountName $accountName -ResourceGroupName $resourceGroupName

Remove-AzCosmosDBSqlRoleAssignment -AccountName $accountName -Id "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6/resourceGroups/phasedrelease/providers/Microsoft.DocumentDB/databaseAccounts/phasedrelease/sqlRoleAssignments/cbc3170d-f815-4164-9044-eb9913eb909a" -ResourceGroupName $resourceGroupName