How to Fix "The connection to the Cosmos DB database could not be made due to missing authorizations" in Azure AI Search
When integrating Azure AI Search with Cosmos DB, you might encounter the following error:
The connection to the Cosmos DB database '<the-name-of-the-database>' could not be made due to missing authorizations
This error typically means that the Managed Identity used by your Azure AI Search service does not have the necessary data plane permissions on the Cosmos DB account.
The az cosmosdb sql role assignment create command
To resolve this, grant the Managed Identity the appropriate role on the Cosmos DB instance. For read-only access, use the built-in role with the ID 00000000-0000-0000-0000-000000000001. More information about this GUID can be found in the official Microsoft documentation.
Run the following az command:
az cosmosdb sql role assignment create \
--account-name <cosmos-account-name> \
--resource-group <resource-group-name> \
--role-definition-id 00000000-0000-0000-0000-000000000001 \
--principal-id <managed-identity-object-id> \
--scope <cosmos-db-account-scope>
- account-name: The name of your Cosmos DB account
- resource-group: The resource group containing your Cosmos DB
- role-definition-id: The 00000000-0000-0000-0000-000000000001 ID for setting the Cosmos DB Built-in Data Reader role
- principal-id: The object ID of the managed identity you want to give access to Cosmos DB
- scope: The Cosmos DB account scope (use the full resource ID from the command below)
How to find the Scope of the Cosmos DB
Run the following az command:
az cosmosdb show --name <cosmos-account-name> --resource-group <resource-group-name> --query id --output tsv
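The two commands above can be chained so the scope is never pasted by hand and the assignment is confirmed afterwards. This is an added example, not part of the original article; the function names are hypothetical, and the final `az cosmosdb sql role assignment list` check is an addition to the article's procedure.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): resolve the account scope,
# assign the Built-in Data Reader role, then list the result to confirm it.

READER_ROLE_ID="00000000-0000-0000-0000-000000000001"  # role ID quoted in the article

# Succeeds if $1 has the shape of an object ID (GUID).
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Succeeds if $1 is the full resource ID of a Cosmos DB account.
is_account_scope() {
  printf '%s' "$1" | grep -Eiq \
    '^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\.DocumentDB/databaseAccounts/[^/]+$'
}

# Usage: grant_search_reader <cosmos-account-name> <resource-group-name> <managed-identity-object-id>
grant_search_reader() {
  # Reject a name or resource ID passed where the object ID belongs.
  is_guid "$3" || { echo "principal-id must be the identity's object ID (a GUID)" >&2; return 2; }

  # Step 1: look up the account's full resource ID to use as the scope.
  scope="$(az cosmosdb show --name "$1" --resource-group "$2" --query id --output tsv)" || return 1
  is_account_scope "$scope" || { echo "unexpected scope: $scope" >&2; return 2; }

  # Step 2: grant read-only data plane access to the managed identity.
  az cosmosdb sql role assignment create \
    --account-name "$1" --resource-group "$2" \
    --role-definition-id "$READER_ROLE_ID" \
    --principal-id "$3" --scope "$scope" || return 1

  # Step 3: show what this principal now holds on the account.
  az cosmosdb sql role assignment list --account-name "$1" --resource-group "$2" \
    --query "[?principalId=='$3'].{role:roleDefinitionId, scope:scope}" --output table
}
```

Call it as `grant_search_reader <cosmos-account-name> <resource-group-name> <managed-identity-object-id>`; the table printed at the end should list only the reader role for that principal.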