{"id":9033,"date":"2024-11-19T05:30:55","date_gmt":"2024-11-19T13:30:55","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/cosmosdb\/?p=9033"},"modified":"2024-11-19T20:58:24","modified_gmt":"2024-11-20T04:58:24","slug":"new-rbac-features-for-vcore-based-azure-cosmos-db-for-mongodb","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/cosmosdb\/new-rbac-features-for-vcore-based-azure-cosmos-db-for-mongodb\/","title":{"rendered":"New RBAC Features for vCore-based Azure Cosmos DB for MongoDB"},"content":{"rendered":"<p aria-level=\"1\"><span data-contrast=\"none\">We\u2019re excited to announce a major security enhancement for the vCore-based Azure Cosmos DB for MongoDB: Role-Based Access Control (RBAC) Integration for Secondary Users with Read\/Read Write Privileges. Now available in public preview, this feature enables organizations to control data access with greater precision while preserving the flexibility and high performance that Azure Cosmos DB delivers.<\/span><\/p>\n<h4><span data-contrast=\"none\">What\u2019s New?<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:322,&quot;335559739&quot;:322}\">\u00a0<\/span><\/h4>\n<p><span data-contrast=\"auto\">With this release, administrators using vCore-based Azure Cosmos DB for MongoDB can assign specific access roles to secondary users, granting them the required Read or Read Write privileges to access clusters. This capability enables organizations to enforce precise access restrictions, keeping sensitive data secure. 
Key highlights of this new RBAC feature include:<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Granular Access Control<\/span><\/b><span data-contrast=\"auto\">: Assign Read or Read Write roles to secondary users, giving them access solely to the data they need, and no more. This fine-tuned control reduces the risk of data exposure and strengthens the overall security of your data environment.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Enhanced Security<\/span><\/b><span data-contrast=\"auto\">: Protect primary data integrity by restricting modifications to trusted users only, minimizing the chance of unauthorized or accidental changes by secondary users.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" 
data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Seamless Integration<\/span><\/b><span data-contrast=\"auto\">: Easily incorporate RBAC into your existing vCore-based Cosmos DB for MongoDB setup with minimal configuration, making it simple to enhance security without operational disruptions.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"4\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Scalability<\/span><\/b><span data-contrast=\"auto\">: As your organization scales, manage access consistently across multiple databases and clusters, maintaining a robust security model that grows alongside your data needs.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-content\/uploads\/sites\/52\/2024\/11\/rbac.png\"><img decoding=\"async\" class=\"size-full wp-image-9035 aligncenter\" src=\"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-content\/uploads\/sites\/52\/2024\/11\/rbac.png\" alt=\"Image rbac\" width=\"594\" height=\"226\" 
srcset=\"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-content\/uploads\/sites\/52\/2024\/11\/rbac.png 594w, https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-content\/uploads\/sites\/52\/2024\/11\/rbac-300x114.png 300w\" sizes=\"(max-width: 594px) 100vw, 594px\" \/><\/a><\/p>\n<h4><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><span data-contrast=\"none\">Why This Matters<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h4>\n<p><span data-contrast=\"auto\">Data access control has become a critical element of modern data governance. By offering role-based access for secondary users, this feature enables organizations to strike a balance between data security and accessibility, allowing relevant stakeholders to retrieve critical information without compromising sensitive assets.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Here are some key scenarios where this new feature can make a significant impact:<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Development and Testing<\/span><\/b><span data-contrast=\"auto\">: Control access in a development environment, allowing developers to read or modify data as needed without affecting production environments.<\/span><span 
data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Data Analysis and Insights<\/span><\/b><span data-contrast=\"auto\">: Grant data analysts access to read-only data views to generate insights, while safeguarding data integrity.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Regulated Industries<\/span><\/b><span data-contrast=\"auto\">: Industries like finance, healthcare, and government can benefit from granular access control, complying with regulatory mandates while enabling efficient data operations.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<h4><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><span data-contrast=\"none\">Getting Started<\/span><span 
data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h4>\n<p><span data-contrast=\"auto\">Here is an example of how to create a Read Only role using Mongo Shell:\u00a0<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-content\/uploads\/sites\/52\/2024\/11\/shell-user.png\"><img decoding=\"async\" class=\"size-full wp-image-9034 aligncenter\" src=\"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-content\/uploads\/sites\/52\/2024\/11\/shell-user.png\" alt=\"Image shell user\" width=\"607\" height=\"395\" srcset=\"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-content\/uploads\/sites\/52\/2024\/11\/shell-user.png 607w, https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-content\/uploads\/sites\/52\/2024\/11\/shell-user-300x195.png 300w\" sizes=\"(max-width: 607px) 100vw, 607px\" \/><\/a><\/p>\n<p><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><span data-contrast=\"none\">If you\u2019re excited about what this feature can do for you, try it out today!\u00a0<\/span> <span data-contrast=\"none\">Check out\u00a0the <\/span><a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/secondary-users\"><span data-contrast=\"none\">documentation<\/span><\/a><span data-contrast=\"none\">\u00a0<\/span><span data-contrast=\"none\"> to get started.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h4 aria-level=\"2\"><span data-contrast=\"none\">Leave a review<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h4>\n<p><span data-contrast=\"auto\">Tell us about your Azure Cosmos DB experience! 
Leave a review on PeerSpot and we\u2019ll gift you $50.\u202f<\/span><a href=\"https:\/\/peerspotdotcom.my.site.com\/proReviews\/?SalesOpportunityProduct=00kPy000004TKXJIA4&amp;productPeerspotNumber=30881&amp;CalendlyAccount=peerspot&amp;CalendlyFormLink=peerspot-product-reviews-ps-gc-vi-sf-50&amp;giftCard=50%22%20\\t%20%22_blank\"><span data-contrast=\"none\">Get started here<\/span><\/a><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h4><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><span data-contrast=\"none\">About Azure Cosmos DB<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h4>\n<p><span data-contrast=\"none\">Azure Cosmos DB is a fully managed and serverless distributed database for modern app development, with SLA-backed speed and availability, automatic and instant scalability, and support for open-source PostgreSQL, MongoDB, and Apache Cassandra. Try Azure Cosmos DB for free <\/span><a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/cosmos-db\/\"><span data-contrast=\"none\">here<\/span><\/a><span data-contrast=\"none\">. 
To stay in the loop on Azure Cosmos DB updates, follow us on <\/span><a href=\"https:\/\/twitter.com\/azurecosmosdb\"><span data-contrast=\"none\">X<\/span><\/a><span data-contrast=\"none\">, <\/span><a href=\"https:\/\/www.youtube.com\/channel\/UCxZVmw8Rt_xmTpPIzLRMDkw\"><span data-contrast=\"none\">YouTube<\/span><\/a><span data-contrast=\"none\">, and <\/span><a href=\"https:\/\/www.linkedin.com\/showcase\/azure-cosmos-db\"><span data-contrast=\"none\">LinkedIn<\/span><\/a><span data-contrast=\"none\">.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019re excited to announce a major security enhancement for the vCore-based Azure Cosmos DB for MongoDB: Role-Based Access Control (RBAC) Integration for Secondary Users with Read\/Read Write Privileges. Now available in public preview, this feature enables organizations to control data access with greater precision while preserving the flexibility and high performance that Azure Cosmos DB [&hellip;]<\/p>\n","protected":false},"author":80443,"featured_media":9036,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[12,15,1918,667],"tags":[],"class_list":["post-9033","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcements","category-mongodb-api","category-rbac","category-security"],"acf":[],"blog_post_summary":"<p>We\u2019re excited to announce a major security enhancement for the vCore-based Azure Cosmos DB for MongoDB: Role-Based Access Control (RBAC) Integration for Secondary Users with Read\/Read Write Privileges. 
Now available in public preview, this feature enables organizations to control data access with greater precision while preserving the flexibility and high performance that Azure Cosmos DB [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/posts\/9033","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/users\/80443"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/comments?post=9033"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/posts\/9033\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/media\/9036"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/media?parent=9033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/categories?post=9033"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/tags?post=9033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}