Class Permission

Namespace

Microsoft.Azure.Cosmos

Assembly

Microsoft.Azure.Cosmos.Client.dll

Operations for reading, replacing, or deleting a specific permission by id. Permissions are used to create ResourceTokens. Resource tokens provide access to the application resources within a database. Resource tokens:

• Provide access to specific containers, partition keys, documents, attachments, stored procedures, triggers, and UDFs.
• Are created when a user is granted permissions to a specific resource.
• Are recreated when a permission resource is acted upon on by POST, GET, or PUT call.
• Use a hash resource token specifically constructed for the user, resource, and permission.
• Are time bound with a customizable validity period. The default valid timespan is one hour. Token lifetime, however, may be explicitly specified, up to a maximum of 24 hours.
• Provide a safe alternative to giving out the master key.
• Enable clients to read, write, and delete resources in the Cosmos DB account according to the permissions they've been granted.

public abstract class Permission

Inheritance

object

Permission

Inherited Members

object.GetType()

object.MemberwiseClone()

object.ToString()

object.Equals(object)

object.Equals(object, object)

object.ReferenceEquals(object, object)

object.GetHashCode()

Extension Methods

CosmosLinqExtensions.DocumentId(object)

CosmosLinqExtensions.IsArray(object)

CosmosLinqExtensions.IsBool(object)

CosmosLinqExtensions.IsDefined(object)

CosmosLinqExtensions.IsNull(object)

CosmosLinqExtensions.IsNumber(object)

CosmosLinqExtensions.IsObject(object)

CosmosLinqExtensions.IsPrimitive(object)

CosmosLinqExtensions.IsString(object)

CosmosLinqExtensions.RegexMatch(object, string, string)

CosmosLinqExtensions.RegexMatch(object, string)

Constructors

Permission()

protected Permission()

Properties

Id

The Id of the Cosmos Permission

public abstract string Id { get; }

Property Value

string

Methods

DeleteAsync(RequestOptions, CancellationToken)

Delete a PermissionProperties from the Azure Cosmos DB service as an asynchronous operation. This will not revoke existing ResourceTokens.

public abstract Task<PermissionResponse> DeleteAsync(RequestOptions requestOptions = null, CancellationToken cancellationToken = default)

Parameters

requestOptions RequestOptions

(Optional) The options for the user request.

cancellationToken CancellationToken

(Optional) CancellationToken representing request cancellation.

Returns

Task<PermissionResponse>

A Task containing a PermissionResponse which will contain information about the request issued.

Examples

User user = this.database.GetUser("userId");
Permission permission = user.GetPermission("permissionId");
PermissionResponse response = await permission.DeleteAsync();

ReadAsync(int?, RequestOptions, CancellationToken)

Reads a PermissionProperties from the Azure Cosmos service as an asynchronous operation. Each read will return a new ResourceToken with its respective expiration.

public abstract Task<PermissionResponse> ReadAsync(int? tokenExpiryInSeconds = null, RequestOptions requestOptions = null, CancellationToken cancellationToken = default)

Parameters

tokenExpiryInSeconds int?

(Optional) The expiry time for resource token in seconds. This value can range from 10 minutes (or 600 seconds), to 24 hours (or 86,400 seconds). The default value for this is 1 hour (or 3,600 seconds). This does not change the default value for future tokens.

requestOptions RequestOptions

(Optional) The options for the permission request.

cancellationToken CancellationToken

(Optional) CancellationToken representing request cancellation.

Returns

Task<PermissionResponse>

A Task containing a PermissionResponse which wraps a PermissionProperties containing the read resource record.

Examples

User user = this.database.GetUser("userId");
Permission permission= user.GetPermission("permissionId");
PermissionProperties permissionProperties = await permission.ReadAsync(tokenExpiryInSeconds: 9000);

ReplaceAsync(PermissionProperties, int?, RequestOptions, CancellationToken)

Replace a PermissionProperties from the Azure Cosmos service as an asynchronous operation. This will not revoke existing ResourceTokens.

public abstract Task<PermissionResponse> ReplaceAsync(PermissionProperties permissionProperties, int? tokenExpiryInSeconds = null, RequestOptions requestOptions = null, CancellationToken cancellationToken = default)

Parameters

permissionProperties PermissionProperties

The PermissionProperties object.

tokenExpiryInSeconds int?

(Optional) The expiry time for resource token in seconds. This value can range from 10 seconds, to 24 hours (or 86,400 seconds). The default value for this is 1 hour (or 3,600 seconds). This does not change the default value for future tokens.

requestOptions RequestOptions

(Optional) The options for the user request.

cancellationToken CancellationToken

(Optional) CancellationToken representing request cancellation.

Returns

Task<PermissionResponse>

A Task containing a PermissionResponse which wraps a PermissionProperties containing the replace resource record.

Examples

PermissionProperties permissionProperties = permissionReadResponse;
permissionProperties.Id = "newuser";
PermissionResponse response = await permission.ReplaceAsync(permissionProperties, tokenExpiryInSeconds: 9000);
PermissionProperties replacedProperties = response;