Unable to get permission to read/write collection throughput using Cosmos DB role-based access control

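Problem description

We are using Core (SQL) Cosmos DB. We are now trying to add a role, and these are the requirements:

  1. Read permission on all metrics.
  2. Read and write permission on all settings, including the database account level, the database level and the (container) collection level.
  3. No read or write permission on documents.

We added all of the following permissions to the role. However, we are still unable to:

  1. Read/write the throughput (scale) of a collection
  2. Write various account-level settings
  3. Read the throughput (number of requests) metric. Other metrics, such as storage, availability, latency and consistency, are available.

Are we missing something?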

```
  "Microsoft.DocumentDB/databaseAccountNames/read",
  "Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/read",
  "Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/tables/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/tables/read",
  "Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/tables/throughputSettings/read",
  "Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/tables/throughputSettings/write",
  "Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/tables/write",
  "Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/throughputSettings/read",
  "Microsoft.DocumentDB/databaseAccounts/changeResourceGroup/action",
  "Microsoft.DocumentDB/databaseAccounts/databases/collections/metricDefinitions/read",
  "Microsoft.DocumentDB/databaseAccounts/databases/collections/metrics/read",
  "Microsoft.DocumentDB/databaseAccounts/databases/collections/partitionKeyRangeId/metrics/read",
  "Microsoft.DocumentDB/databaseAccounts/databases/collections/partitions/metrics/read",
  "Microsoft.DocumentDB/databaseAccounts/databases/collections/partitions/read",
  "Microsoft.DocumentDB/databaseAccounts/databases/collections/partitions/usages/read",
  "Microsoft.DocumentDB/databaseAccounts/databases/metricDefinitions/read",
  "Microsoft.DocumentDB/databaseAccounts/databases/metrics/read",
  "Microsoft.DocumentDB/databaseAccounts/databases/usages/read",
  "Microsoft.DocumentDB/databaseAccounts/getBackupPolicy/action",
  "Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/graphs/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/graphs/throughputSettings/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/graphs/throughputSettings/read",
  "Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/read",
  "Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/throughputSettings/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/throughputSettings/read",
  "Microsoft.DocumentDB/databaseAccounts/metricDefinitions/read",
  "Microsoft.DocumentDB/databaseAccounts/metrics/read",
  "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/throughputSettings/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/throughputSettings/read",
  "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/read",
  "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/throughputSettings/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/throughputSettings/read",
  "Microsoft.DocumentDB/databaseAccounts/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/percentile/metrics/read",
  "Microsoft.DocumentDB/databaseAccounts/percentile/read",
  "Microsoft.DocumentDB/databaseAccounts/percentile/sourceRegion/targetRegion/metrics/read",
  "Microsoft.DocumentDB/databaseAccounts/percentile/targetRegion/metrics/read",
  "Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionProxies/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/read",
  "Microsoft.DocumentDB/databaseAccounts/region/databases/collections/metrics/read",
  "Microsoft.DocumentDB/databaseAccounts/region/databases/collections/partitionKeyRangeId/metrics/read",
  "Microsoft.DocumentDB/databaseAccounts/region/databases/collections/partitions/metrics/read",
  "Microsoft.DocumentDB/databaseAccounts/region/databases/collections/partitions/read",
  "Microsoft.DocumentDB/databaseAccounts/region/metrics/read",
  "Microsoft.DocumentDB/databaseAccounts/restore/action",
  "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/storedProcedures/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/throughputSettings/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/throughputSettings/read",
  "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/triggers/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/userDefinedFunctions/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/userDefinedFunctions/read",
  "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/throughputSettings/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/throughputSettings/read",
  "Microsoft.DocumentDB/databaseAccounts/tables/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/tables/throughputSettings/operationResults/read",
  "Microsoft.DocumentDB/databaseAccounts/tables/throughputSettings/read",
  "Microsoft.DocumentDB/databaseAccounts/usages/read",
  "Microsoft.DocumentDB/locations/operationsStatus/read",
  "Microsoft.DocumentDB/operationResults/read",
  "Microsoft.DocumentDB/operations/read",
  "Microsoft.DocumentDB/register/action",
  "Microsoft.DocumentDB/register/action",
```

We also tried the Cosmos DB Operator role. The Scale/Settings/Explore buttons even disappear with the Operator role.

Tags: azure-cosmosdb

Solution


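You don't need a custom role for this. Take a look at the Cosmos DB Operator role, which provides access to all management (control plane) data and operations, except for the keys, in order to prevent access to data.

You can learn more here.

Role-based access control in Azure Cosmos DB

Hope this helps.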
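An added example, not part of the original question or answer: a small checker that evaluates a role's `actions`/`notActions` with case-insensitive `*` wildcard matching and reports which required control-plane operations are missing and which key-exposing ones are granted. The custom role below is a constructed subset of the question's list; the operator-style role is an abbreviated assumption to compare against `az role definition list --name "Cosmos DB Operator"`, and the `MUST_ALLOW`/`MUST_DENY` lists are illustrative choices.

```python
import re

def _matches(pattern, action):
    # Action strings compare case-insensitively; '*' matches any run of characters.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def is_allowed(role, action):
    # Effective permission = matched by actions and not matched by notActions.
    granted = any(_matches(p, action) for p in role["actions"])
    excluded = any(_matches(p, action) for p in role.get("notActions", []))
    return granted and not excluded

def audit(role, must_allow, must_deny):
    return {
        "missing": [a for a in must_allow if not is_allowed(role, a)],
        "overgranted": [a for a in must_deny if is_allowed(role, a)],
    }

P = "Microsoft.DocumentDB/databaseAccounts"

# Constructed subset of the action list posted in the question.
CUSTOM_ROLE = {"actions": [
    f"{P}/read",
    f"{P}/metrics/read",
    f"{P}/sqlDatabases/throughputSettings/read",
    f"{P}/sqlDatabases/containers/throughputSettings/read",
    f"{P}/cassandraKeyspaces/tables/throughputSettings/write",
]}

# Assumption: abbreviated operator-style role (control plane, keys excluded).
OPERATOR_STYLE = {
    "actions": ["Microsoft.DocumentDb/databaseAccounts/*"],
    "notActions": [f"{P}/listKeys/*", f"{P}/readonlyKeys/*",
                   f"{P}/regenerateKey/*", f"{P}/listConnectionStrings/*"],
}

# Illustrative requirements: change settings and scale, never obtain keys.
MUST_ALLOW = [
    f"{P}/write",
    f"{P}/sqlDatabases/containers/throughputSettings/read",
    f"{P}/sqlDatabases/containers/throughputSettings/write",
]
MUST_DENY = [f"{P}/listKeys/action", f"{P}/listConnectionStrings/action"]

if __name__ == "__main__":
    for name, role in (("custom", CUSTOM_ROLE), ("operator-style", OPERATOR_STYLE)):
        print(name, audit(role, MUST_ALLOW, MUST_DENY))
```

The list in the question contains `sqlDatabases/containers/throughputSettings/read` but no `write` action for SQL containers or for the account itself, which is what the `missing` result for the custom role reflects.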

