How to Fix "The connection to the Cosmos DB database could not be made due to missing authorizations" in Azure AI Search

When integrating Azure AI Search with Cosmos DB, you might encounter the following error:

The connection to the Cosmos DB database '<the-name-of-the-database>' could not be made due to missing authorizations

This error typically means that the Managed Identity used by your Azure AI Search service does not have the necessary data plane permissions on the Cosmos DB account.

The az cosmosdb sql role assignment create command

To resolve this, you need to grant the Managed Identity the appropriate role on the Cosmos DB instance. For read-only access, use the built-in role with the ID 00000000-0000-0000-0000-000000000001. More information about this GUID can be found in the official Microsoft documentation.

Run the following az command:

az cosmosdb sql role assignment create \
  --account-name <cosmos-account-name> \
  --resource-group <resource-group-name> \
  --role-definition-id 00000000-0000-0000-0000-000000000001 \
  --principal-id <managed-identity-object-id> \
  --scope <cosmos-db-account-scope>

How to find the Scope of the Cosmos DB

Run the following az command:

az cosmosdb show --name <cosmos-account-name> --resource-group <resource-group-name> --query id --output tsv
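
The two commands above combined into one idempotent script, as an added example that is not part of the original post. It assumes the search service uses a system-assigned managed identity, read with az search service show; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: grant the read-only data-plane role once, skipping the
# create call if the identity already holds it. Function names are hypothetical.
set -eu

READER_ROLE_ID="00000000-0000-0000-0000-000000000001"  # role ID from the article

# Object ID of the search service's system-assigned identity (assumption:
# the service does not use a user-assigned identity).
search_principal_id() {  # <search-service> <resource-group>
  az search service show --name "$1" --resource-group "$2" \
    --query identity.principalId --output tsv
}

# Resource ID of the Cosmos DB account, used as the assignment scope.
cosmos_scope() {  # <cosmos-account> <resource-group>
  az cosmosdb show --name "$1" --resource-group "$2" --query id --output tsv
}

# Number of existing assignments of the reader role to the principal.
reader_assignment_count() {  # <cosmos-account> <resource-group> <principal-id>
  az cosmosdb sql role assignment list --account-name "$1" --resource-group "$2" \
    --query "length([?principalId=='$3' && ends_with(roleDefinitionId, '$READER_ROLE_ID')])" \
    --output tsv
}

# Prints "assigned" or "already-assigned"; non-zero exit on any failure.
grant_reader() {  # <cosmos-account> <cosmos-rg> <search-service> <search-rg>
  local principal count scope
  principal=$(search_principal_id "$3" "$4") || return 1
  if [ -z "$principal" ]; then
    echo "search service has no system-assigned identity" >&2
    return 2
  fi
  count=$(reader_assignment_count "$1" "$2" "$principal") || return 1
  if [ "$count" -gt 0 ]; then
    echo "already-assigned"
    return 0
  fi
  scope=$(cosmos_scope "$1" "$2") || return 1
  az cosmosdb sql role assignment create --account-name "$1" --resource-group "$2" \
    --role-definition-id "$READER_ROLE_ID" --principal-id "$principal" \
    --scope "$scope" >/dev/null || return 1
  echo "assigned"
}

# Run only when called with the four arguments, so the file can also be sourced.
if [ "$#" -eq 4 ]; then grant_reader "$@"; fi
```

Checking for an existing assignment first keeps repeated runs from piling up duplicate role assignments on the account.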