From 72bcbccdec3ab80139d34d8b0ef03343afb37046 Mon Sep 17 00:00:00 2001 From: Andriy Svyryd Date: Tue, 1 Oct 2024 13:00:31 -0700 Subject: [PATCH] Update Cosmos notes related to RBAC (#4822) --- entity-framework/core/providers/cosmos/index.md | 9 +++++---- .../core/what-is-new/ef-core-9.0/whatsnew.md | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/entity-framework/core/providers/cosmos/index.md b/entity-framework/core/providers/cosmos/index.md index 07794a9956..f318c7c96e 100644 --- a/entity-framework/core/providers/cosmos/index.md +++ b/entity-framework/core/providers/cosmos/index.md @@ -68,12 +68,13 @@ The Azure Cosmos DB provider for EF Core has multiple overloads of the [UseCosmo > [!IMPORTANT] > Make sure to understand [_Secure access to data in Azure Cosmos DB_](/azure/cosmos-db/secure-access-to-data) to understand the security implications and best practices for using each overload of the `UseCosmos` method. +> Generally, RBAC with token credentials is the recommended access-control mechanism. | Connection Mechanism | UseCosmos Overload | More information | -|----------------------------|------------------------------------------------------------------------|-------------------------------------------------------------------------------------------| -| Account endpoint and key | `UseCosmos(accountEndpoint, accountKey, databaseName)` | [Primary/secondary keys](/azure/cosmos-db/secure-access-to-data#primary-keys) | -| Account endpoint and token | `UseCosmos(accountEndpoint, tokenCredential, databaseName)` | [Resource tokens](/azure/cosmos-db/secure-access-to-data#primary-keys) | -| Connection string | `UseCosmos(connectionString, databaseName)` | [Work with account keys and connection strings](/azure/cosmos-db/scripts/cli/common/keys) | +|----------------------------|------------------------------------------------------------------------|----------------------------------------------------------------------------------------------| +| Account endpoint and key | `UseCosmos(accountEndpoint, accountKey, databaseName)` | [Primary/secondary keys](/azure/cosmos-db/secure-access-to-data#primary-keys) | +| Account endpoint and token | `UseCosmos(accountEndpoint, tokenCredential, databaseName)` | [RBAC and Resource tokens](/azure/cosmos-db/secure-access-to-data#role-based-access-control) | +| Connection string | `UseCosmos(connectionString, databaseName)` | [Work with account keys and connection strings](/azure/cosmos-db/scripts/cli/common/keys) | ## Azure Cosmos DB options diff --git a/entity-framework/core/what-is-new/ef-core-9.0/whatsnew.md b/entity-framework/core/what-is-new/ef-core-9.0/whatsnew.md index 37f6ba9a0b..01dfa1a291 100644 --- a/entity-framework/core/what-is-new/ef-core-9.0/whatsnew.md +++ b/entity-framework/core/what-is-new/ef-core-9.0/whatsnew.md @@ -279,7 +279,7 @@ For more information, [see the documentation section on pagination](xref:core/pr ### Role-based access -Azure Cosmos DB for NoSQL includes a [built-in role-based access control (RBAC) system](/azure/cosmos-db/role-based-access-control). This is now supported by EF9 for both management and use of containers. No changes are required to application code. See [Issue #32197](https://github.com/dotnet/efcore/issues/32197) for more information. +Azure Cosmos DB for NoSQL includes a [built-in role-based access control (RBAC) system](/azure/cosmos-db/role-based-access-control). This is now supported by EF9 for all data plane operations. However, Azure Cosmos DB SDK does not support RBAC for management plane operations in Azure Cosmos DB. Use Azure Management API instead of `EnsureCreatedAsync` with RBAC. ### Synchronous I/O is now blocked by default