cdennig/roledef.bicep

## roledef.bicep
@description('Principal ID of the managed identity')
param principalId string

var roleDefId = guid('sql-role-definition-', principalId, cosmosDbAccount.id)
var roleDefName = 'Custom Read/Write role'

resource roleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2021-06-15' = {
  name: '${cosmosDbAccount.name}/${roleDefId}'
  properties: {
    roleName: roleDefName
    type: 'CustomRole'
    assignableScopes: [
      cosmosDbAccount.id
    ]
    permissions: [
      {
        dataActions: [
          'Microsoft.DocumentDB/databaseAccounts/readMetadata'
          'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*'
        ]
      }
    ]
  }
}
	@description('Principal ID of the managed identity')
	param principalId string

	var roleDefId = guid('sql-role-definition-', principalId, cosmosDbAccount.id)
	var roleDefName = 'Custom Read/Write role'

	resource roleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2021-06-15' = {
	name: '${cosmosDbAccount.name}/${roleDefId}'
	properties: {
	roleName: roleDefName
	type: 'CustomRole'
	assignableScopes: [
	cosmosDbAccount.id
	]
	permissions: [
	{
	dataActions: [
	'Microsoft.DocumentDB/databaseAccounts/readMetadata'
	'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*'
	]
	}
	]
	}
	}