Policy: Azure > Cosmos DB > Database Account > Key Based Metadata Write Access
Define the Key Based Metadata Write Access settings required for Azure > Cosmos DB > Database Account.
This policy determines whether key-based metadata write access is permitted for Azure Cosmos DB Database Accounts. Disabling key-based metadata write access ensures that only requests authorized with Azure AD are permitted for metadata operations, enhancing security by preventing metadata writes using account keys. When set to "Check: Disabled" or "Check: Enabled", the control will go to an alarm state if the database account's setting does not match the policy. When set to "Enforce: Disabled" or "Enforce: Enabled", the control will automatically configure the property to match the policy. Setting the policy to "Skip" will exclude the database account from this check.
Targets
This policy targets the following resource types:
Controls
Setting this policy configures this control:
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Examples [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/security
- tmod:@turbot/azure-cosmosdb#/policy/types/databaseAccountKeyBasedMetadataWriteAccess
- turbot graphql policy-type --id "tmod:@turbot/azure-cosmosdb#/policy/types/databaseAccountKeyBasedMetadataWriteAccess"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cosmosdb#/policy/types/databaseAccountKeyBasedMetadataWriteAccess"
Get Policy TypeGet Policy Settings